[Pkg-utopia-maintainers] Bug#1109939: unblock: firewalld/2.3.1-1
Michael Biebl
biebl at debian.org
Sat Jul 26 18:29:40 BST 2025
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: firewalld at packages.debian.org
Control: affects -1 + src:firewalld
User: release.debian.org at packages.debian.org
Usertags: unblock
Please unblock package firewalld
firewalld upstream has made a point/bug fix release recently
accumulating bug fixes for over half a year.
Upstream is very conservative with backporting fixes to their stable
branches and I have a lot of trust in them.
Some of the fixes had already been pulled via patches into the Debian
package.
[ Reason ]
I'd like to see the bug fixes for the 2.3 stable branch be available to
our trixie users. If this unblock request is not granted, I intend to
get them via trixie-pu, but I think it would be preferrable to have
those from the get-go.
The changes include updates to the test suite and various smaller fixes:
99e16878 test: rich: rule reference invalid ipset
048502de fix(policy): rich: verify ipset exists
e3c938a0 fix(systemd): allow start code 251 (RUNNING_BUT_FAILED)
2feab45f fix(firewall-config): allow selecting the first service in the list
b6e56a1f fix(firewall-config): don't create rich rule with invalid element
3ee172b2 fix(firewall-config): fix rich rule creation
45d20e4c fix(fw): start: remove ipset probe
7d1e4a88 chore(ipset): remove set_supported_types()
43a5d513 test(nftables): table owner: use grep instead of head
5d06626d fix(systemd): remove unnecessary comment
a6dc42e6 fix(systemd): verify firewalld is responsive to dbus
ec4cb3d0 test(rpfilter): improve config value checks
663e6198 fix(config): correctly set IPv6_rpfilter via dbus IPv6_rpfilter2
a8f8b60f docs(policy): fix typo
6d4247a0 fix: include missing helper.xsd file to release tarball
7728f9fe test: add scale keyword to scale tests
6577f5ac fix: Fix translating appdata file
[ Impact ]
All those fixes will not be available for our trixie users.
[ Tests ]
firewalld has an elaborate autopkgtest suite and I also did some manual
testing.
[ Risks ]
Rather low, as the fixes are targetted and small.
[ Checklist ]
[ ] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
I've excluded autogenerated files from the debdiff to keep the changes
minimal:
git diff debian/2.3.0-4..debian/2.3.1-1 ':!src/tests/testsuite' ':!doc/man/*' ':!src/tests/integration/testsuite' ':!config/Makefile.in' ':!configure' ':!src/firewall-config' | diffstat
b/config/Makefile.am | 3 ++-
b/config/firewalld.service.in | 4 +++-
b/config/xmlschema/helper.xsd | 26 ++++++++++++++++++++++++++
b/debian/changelog | 7 +++++++
b/debian/patches/Remove-etc-sysconfig-firewalld-support.patch | 8 ++++----
b/debian/patches/series | 1 -
b/doc/xml/firewalld.policies.xml | 2 +-
b/firewalld.spec | 5 ++++-
b/src/firewall-config.in | 59 +++++++++++++++++++++++++++++++++--------------------------
b/src/firewall/config/__init__.py | 2 +-
b/src/firewall/core/fw.py | 16 ----------------
b/src/firewall/core/io/policy.py | 16 ++++++++++++++++
b/src/firewall/core/ipset.py | 21 ---------------------
b/src/firewall/server/config.py | 7 ++++++-
b/src/tests/features/nftables_table_owner.at | 21 +++++----------------
b/src/tests/features/rpfilter.at | 35 ++++++++++++++++++++++++++++++++---
b/src/tests/package.m4 | 4 ++--
b/src/tests/regression/RHEL-67103.at | 34 ++++++++++++++++++++++++++++++++++
b/src/tests/regression/ipset_scale.at | 2 +-
b/src/tests/regression/regression.at | 1 +
b/src/tests/regression/rhbz1871298.at | 2 +-
debian/patches/test-nftables-table-owner-use-grep-instead-of-head.patch | 69 ---------------------------------------------------------------------
22 files changed, 179 insertions(+), 166 deletions(-)
I've also included an unfiltered debdiff.
Regards
Michael
unblock firewalld/2.3.1-1
-------------- next part --------------
diff --git a/config/Makefile.am b/config/Makefile.am
index e670fbc8..16a74304 100644
--- a/config/Makefile.am
+++ b/config/Makefile.am
@@ -30,6 +30,7 @@ gsettings_SCHEMAS = $(gsettings_in_file:.xml.in=.xml)
xmlschemadir = $(prefixlibdir)/xmlschema
dist_xmlschema_DATA = \
+ xmlschema/helper.xsd \
xmlschema/icmptype.xsd \
xmlschema/ipset.xsd \
xmlschema/service.xsd \
@@ -48,7 +49,7 @@ BUILT_SOURCES = \
@INTLTOOL_DESKTOP_RULE@
@INTLTOOL_POLICY_RULE@
- at INTLTOOL_XML_NOMERGE_RULE@
+ at INTLTOOL_XML_RULE@
@GSETTINGS_RULES@
all: $(desktop_DATA) $(appdata_DATA) $(applet_desktop_DATA) $(polkit1_action_DATA) $(gsettings_SCHEMAS)
diff --git a/config/Makefile.in b/config/Makefile.in
index 29bc9512..8bb14e04 100644
--- a/config/Makefile.in
+++ b/config/Makefile.in
@@ -333,6 +333,7 @@ gsettings_in_file = org.fedoraproject.FirewallConfig.gschema.xml.in
gsettings_SCHEMAS = $(gsettings_in_file:.xml.in=.xml)
xmlschemadir = $(prefixlibdir)/xmlschema
dist_xmlschema_DATA = \
+ xmlschema/helper.xsd \
xmlschema/icmptype.xsd \
xmlschema/ipset.xsd \
xmlschema/service.xsd \
@@ -1156,7 +1157,7 @@ uninstall-am: uninstall-appdataDATA uninstall-applet_desktopDATA \
@INTLTOOL_DESKTOP_RULE@
@INTLTOOL_POLICY_RULE@
- at INTLTOOL_XML_NOMERGE_RULE@
+ at INTLTOOL_XML_RULE@
@GSETTINGS_RULES@
all: $(desktop_DATA) $(appdata_DATA) $(applet_desktop_DATA) $(polkit1_action_DATA) $(gsettings_SCHEMAS)
diff --git a/config/firewalld.service.in b/config/firewalld.service.in
index f39c411d..b00d36cd 100644
--- a/config/firewalld.service.in
+++ b/config/firewalld.service.in
@@ -10,8 +10,10 @@ Documentation=man:firewalld(1)
[Service]
EnvironmentFile=-/etc/sysconfig/firewalld
ExecStart=@sbindir@/firewalld --nofork --nopid $FIREWALLD_ARGS
+ExecStartPost=@bindir@/firewall-cmd --state
+# don't fail ExecStartPost on RUNNING_BUT_FAILED
+SuccessExitStatus=251
ExecReload=/bin/kill -HUP $MAINPID
-# supress to log debug and error output also to /var/log/messages
StandardOutput=null
StandardError=null
Type=dbus
diff --git a/config/xmlschema/helper.xsd b/config/xmlschema/helper.xsd
new file mode 100644
index 00000000..1d5ba116
--- /dev/null
+++ b/config/xmlschema/helper.xsd
@@ -0,0 +1,26 @@
+<?xml version="1.0"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ lementFormDefault="qualified">
+
+<xs:element name="helper">
+ <xs:complexType>
+ <xs:choice maxOccurs="unbounded">
+ <xs:element name="port" type="porttype" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:choice>
+ <xs:attribute name="module" type="xs:string"/>
+ <xs:attribute name="family" type="familyrestrict"/>
+ </xs:complexType>
+</xs:element>
+
+<xs:simpleType name="familyrestrict">
+ <xs:restriction base="xs:string">
+ <xs:pattern value="ipv4|ipv6"/>
+ </xs:restriction>
+</xs:simpleType>
+
+<xs:complexType name="porttype">
+ <xs:attribute name="protocol" type="xs:string" use="required"/>
+ <xs:attribute name="port" type="xs:string" use="optional"/>
+</xs:complexType>
+
+</xs:schema>
diff --git a/configure b/configure
index 240b4065..43fad6a3 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.71 for firewalld 2.3.0.
+# Generated by GNU Autoconf 2.71 for firewalld 2.3.1.
#
#
# Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation,
@@ -608,8 +608,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='firewalld'
PACKAGE_TARNAME='firewalld'
-PACKAGE_VERSION='2.3.0'
-PACKAGE_STRING='firewalld 2.3.0'
+PACKAGE_VERSION='2.3.1'
+PACKAGE_STRING='firewalld 2.3.1'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''
@@ -1362,7 +1362,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures firewalld 2.3.0 to adapt to many kinds of systems.
+\`configure' configures firewalld 2.3.1 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1429,7 +1429,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of firewalld 2.3.0:";;
+ short | recursive ) echo "Configuration of firewalld 2.3.1:";;
esac
cat <<\_ACEOF
@@ -1553,7 +1553,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-firewalld configure 2.3.0
+firewalld configure 2.3.1
generated by GNU Autoconf 2.71
Copyright (C) 2021 Free Software Foundation, Inc.
@@ -1590,7 +1590,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by firewalld $as_me 2.3.0, which was
+It was created by firewalld $as_me 2.3.1, which was
generated by GNU Autoconf 2.71. Invocation command line was
$ $0$ac_configure_args_raw
@@ -2546,7 +2546,7 @@ fi
# Define the identity of the package.
PACKAGE='firewalld'
- VERSION='2.3.0'
+ VERSION='2.3.1'
# Some tools Automake needs.
@@ -2766,7 +2766,7 @@ PACKAGE_RELEASE='1'
printf "%s\n" "#define PACKAGE_RELEASE \"$PACKAGE_RELEASE\"" >>confdefs.h
-PACKAGE_TAG='v2.3.0'
+PACKAGE_TAG='v2.3.1'
printf "%s\n" "#define PACKAGE_TAG \"$PACKAGE_TAG\"" >>confdefs.h
@@ -6078,7 +6078,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by firewalld $as_me 2.3.0, which was
+This file was extended by firewalld $as_me 2.3.1, which was
generated by GNU Autoconf 2.71. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -6137,7 +6137,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config='$ac_cs_config_escaped'
ac_cs_version="\\
-firewalld config.status 2.3.0
+firewalld config.status 2.3.1
configured by $0, generated by GNU Autoconf 2.71,
with options \\"\$ac_cs_config\\"
diff --git a/debian/changelog b/debian/changelog
index 95256818..c834a4b9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+firewalld (2.3.1-1) unstable; urgency=medium
+
+ * New upstream version 2.3.1
+ * Rebase patches
+
+ -- Michael Biebl <biebl at debian.org> Sat, 26 Jul 2025 18:52:44 +0200
+
firewalld (2.3.0-4) unstable; urgency=medium
* test(nftables): table owner: use grep instead of head.
diff --git a/debian/patches/Remove-etc-sysconfig-firewalld-support.patch b/debian/patches/Remove-etc-sysconfig-firewalld-support.patch
index 8d7f0bbd..4a2472a8 100644
--- a/debian/patches/Remove-etc-sysconfig-firewalld-support.patch
+++ b/debian/patches/Remove-etc-sysconfig-firewalld-support.patch
@@ -9,7 +9,7 @@ can use the standard systemd mechanisms for that, like drop-ins.
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/config/firewalld.service.in b/config/firewalld.service.in
-index f39c411..ae24d00 100644
+index b00d36c..50e32e1 100644
--- a/config/firewalld.service.in
+++ b/config/firewalld.service.in
@@ -8,8 +8,7 @@ Conflicts=iptables.service ip6tables.service ebtables.service ipset.service
@@ -19,6 +19,6 @@ index f39c411..ae24d00 100644
-EnvironmentFile=-/etc/sysconfig/firewalld
-ExecStart=@sbindir@/firewalld --nofork --nopid $FIREWALLD_ARGS
+ExecStart=@sbindir@/firewalld --nofork --nopid
- ExecReload=/bin/kill -HUP $MAINPID
- # supress to log debug and error output also to /var/log/messages
- StandardOutput=null
+ ExecStartPost=@bindir@/firewall-cmd --state
+ # don't fail ExecStartPost on RUNNING_BUT_FAILED
+ SuccessExitStatus=251
diff --git a/debian/patches/series b/debian/patches/series
index f583b295..8c262ab8 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,2 @@
Remove-etc-sysconfig-firewalld-support.patch
Switch-to-python3.patch
-test-nftables-table-owner-use-grep-instead-of-head.patch
diff --git a/debian/patches/test-nftables-table-owner-use-grep-instead-of-head.patch b/debian/patches/test-nftables-table-owner-use-grep-instead-of-head.patch
deleted file mode 100644
index d1d5972b..00000000
--- a/debian/patches/test-nftables-table-owner-use-grep-instead-of-head.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From: Eric Garver <eric at garver.life>
-Date: Wed, 7 May 2025 11:31:03 -0400
-Subject: test(nftables): table owner: use grep instead of head
-
-Using `head -n 2` will cause head to terminate early while the prior
-commands in the pipeline still have output. This will trigger SIGPIPE
-and in some cases causes messages on stderr. Use grep to consume all the
-output.
-
-Fixes: #1403
-Fixes: e7728b843c2e ("test(nftables): table ownership")
-
---->8---
-
-./nftables_table_owner.at:1: env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list table inet firewalld | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | head -n 2
---- /dev/null 2025-05-06 18:20:20.014443085 +0000
-+++ /home/runner/work/firewalld/firewalld/src/tests/testsuite.dir/at-groups/228/stderr 2025-05-06 18:31:38.431177759 +0000
-@@ -0,0 +1,2 @@
-+/home/runner/work/firewalld/firewalld/src/tests/testsuite.dir/at-groups/228/test-source: line 409: printf: write error: Broken pipe
-+/home/runner/work/firewalld/firewalld/src/tests/testsuite.dir/at-groups/228/test-source: line 409: echo: write error: Broken pipe
-228. nftables_table_owner.at:1: FAILED (nftables_table_owner.at:
-
-(cherry picked from commit 31e2584c5ada874639cbd80174c3fd745e392852)
----
- src/tests/features/nftables_table_owner.at | 21 +++++----------------
- 1 file changed, 5 insertions(+), 16 deletions(-)
-
-diff --git a/src/tests/features/nftables_table_owner.at b/src/tests/features/nftables_table_owner.at
-index abc946d..dd9c3de 100644
---- a/src/tests/features/nftables_table_owner.at
-+++ b/src/tests/features/nftables_table_owner.at
-@@ -7,32 +7,21 @@ FWD_RELOAD()
-
- AT_SKIP_IF([grep "Configuration has NftablesTableOwner=True, but it's not supported by nftables." ./firewalld.log])
-
--NS_CHECK([nft list table inet firewalld | TRIM_WHITESPACE | head -n 2], 0, [m4_strip([dnl
-- table inet firewalld { # progname firewalld
-- flags owner,persist
--])])
-+dnl Make sure it's initially working
-+dnl
-+NS_CHECK([nft list table inet firewalld | TRIM_WHITESPACE | grep "flags owner,persist"], 0, [ignore])
-
- dnl Test the transitions from On to Off
- dnl
--
- AT_CHECK([sed -i 's/^NftablesTableOwner=.*/NftablesTableOwner=no/' ./firewalld.conf])
- FWD_RELOAD()
--
--NS_CHECK([nft list table inet firewalld | TRIM_WHITESPACE | head -n 2], 0, [m4_strip([dnl
-- table inet firewalld {
-- chain mangle_PREROUTING {
--])])
-+NS_CHECK([nft list table inet firewalld | TRIM_WHITESPACE | grep "flags owner,persist"], 1)
-
- dnl Test the transitions from Off to On
- dnl
--
- AT_CHECK([sed -i 's/^NftablesTableOwner=.*/NftablesTableOwner=yes/' ./firewalld.conf])
- FWD_RELOAD()
--
--NS_CHECK([nft list table inet firewalld | TRIM_WHITESPACE | head -n 2], 0, [m4_strip([dnl
-- table inet firewalld { # progname firewalld
-- flags owner,persist
--])])
-+NS_CHECK([nft list table inet firewalld | TRIM_WHITESPACE | grep "flags owner,persist"], 0, [ignore])
-
- FWD_END_TEST()
- ])
diff --git a/doc/man/man1/firewall-applet.1 b/doc/man/man1/firewall-applet.1
index 90d1e251..c09ed289 100644
--- a/doc/man/man1/firewall-applet.1
+++ b/doc/man/man1/firewall-applet.1
@@ -4,10 +4,10 @@
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\" Date:
.\" Manual: firewall-applet
-.\" Source: firewalld 2.3.0
+.\" Source: firewalld 2.3.1
.\" Language: English
.\"
-.TH "FIREWALL\-APPLET" "1" "" "firewalld 2.3.0" "firewall-applet"
+.TH "FIREWALL\-APPLET" "1" "" "firewalld 2.3.1" "firewall-applet"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/doc/man/man1/firewall-cmd.1 b/doc/man/man1/firewall-cmd.1
index d9ac8cec..04c608e5 100644
--- a/doc/man/man1/firewall-cmd.1
+++ b/doc/man/man1/firewall-cmd.1
@@ -4,10 +4,10 @@
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\" Date:
.\" Manual: firewall-cmd
-.\" Source: firewalld 2.3.0
+.\" Source: firewalld 2.3.1
.\" Language: English
.\"
-.TH "FIREWALL\-CMD" "1" "" "firewalld 2.3.0" "firewall-cmd"
+.TH "FIREWALL\-CMD" "1" "" "firewalld 2.3.1" "firewall-cmd"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/doc/man/man1/firewall-config.1 b/doc/man/man1/firewall-config.1
index f05a9b44..d48b66a0 100644
--- a/doc/man/man1/firewall-config.1
+++ b/doc/man/man1/firewall-config.1
@@ -4,10 +4,10 @@
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\" Date:
.\" Manual: firewall-config
-.\" Source: firewalld 2.3.0
+.\" Source: firewalld 2.3.1
.\" Language: English
.\"
-.TH "FIREWALL\-CONFIG" "1" "" "firewalld 2.3.0" "firewall-config"
+.TH "FIREWALL\-CONFIG" "1" "" "firewalld 2.3.1" "firewall-config"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/doc/man/man1/firewall-offline-cmd.1 b/doc/man/man1/firewall-offline-cmd.1
index b0d0c92a..c67f0c02 100644
--- a/doc/man/man1/firewall-offline-cmd.1
+++ b/doc/man/man1/firewall-offline-cmd.1
@@ -4,10 +4,10 @@
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\" Date:
.\" Manual: firewall-offline-cmd
-.\" Source: firewalld 2.3.0
+.\" Source: firewalld 2.3.1
.\" Language: English
.\"
-.TH "FIREWALL\-OFFLINE\-C" "1" "" "firewalld 2.3.0" "firewall-offline-cmd"
+.TH "FIREWALL\-OFFLINE\-C" "1" "" "firewalld 2.3.1" "firewall-offline-cmd"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/doc/man/man1/firewalld.1 b/doc/man/man1/firewalld.1
index de8df839..959dacda 100644
--- a/doc/man/man1/firewalld.1
+++ b/doc/man/man1/firewalld.1
@@ -4,10 +4,10 @@
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\" Date:
.\" Manual: firewalld
-.\" Source: firewalld 2.3.0
+.\" Source: firewalld 2.3.1
.\" Language: English
.\"
-.TH "FIREWALLD" "1" "" "firewalld 2.3.0" "firewalld"
+.TH "FIREWALLD" "1" "" "firewalld 2.3.1" "firewalld"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/doc/man/man5/firewalld.conf.5 b/doc/man/man5/firewalld.conf.5
index edbd1b56..d28871d9 100644
--- a/doc/man/man5/firewalld.conf.5
+++ b/doc/man/man5/firewalld.conf.5
@@ -4,10 +4,10 @@
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\" Date:
.\" Manual: firewalld.conf
-.\" Source: firewalld 2.3.0
+.\" Source: firewalld 2.3.1
.\" Language: English
.\"
-.TH "FIREWALLD\&.CONF" "5" "" "firewalld 2.3.0" "firewalld.conf"
+.TH "FIREWALLD\&.CONF" "5" "" "firewalld 2.3.1" "firewalld.conf"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/doc/man/man5/firewalld.dbus.5 b/doc/man/man5/firewalld.dbus.5
index 26395be4..f3459d1c 100644
--- a/doc/man/man5/firewalld.dbus.5
+++ b/doc/man/man5/firewalld.dbus.5
@@ -4,10 +4,10 @@
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\" Date:
.\" Manual: firewalld.dbus
-.\" Source: firewalld 2.3.0
+.\" Source: firewalld 2.3.1
.\" Language: English
.\"
-.TH "FIREWALLD\&.DBUS" "5" "" "firewalld 2.3.0" "firewalld.dbus"
+.TH "FIREWALLD\&.DBUS" "5" "" "firewalld 2.3.1" "firewalld.dbus"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/doc/man/man5/firewalld.direct.5 b/doc/man/man5/firewalld.direct.5
index e0a213bd..138dfed3 100644
--- a/doc/man/man5/firewalld.direct.5
+++ b/doc/man/man5/firewalld.direct.5
@@ -4,10 +4,10 @@
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\" Date:
.\" Manual: firewalld.direct
-.\" Source: firewalld 2.3.0
+.\" Source: firewalld 2.3.1
.\" Language: English
.\"
-.TH "FIREWALLD\&.DIRECT" "5" "" "firewalld 2.3.0" "firewalld.direct"
+.TH "FIREWALLD\&.DIRECT" "5" "" "firewalld 2.3.1" "firewalld.direct"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/doc/man/man5/firewalld.helper.5 b/doc/man/man5/firewalld.helper.5
index f7bd1bd3..7125dca3 100644
--- a/doc/man/man5/firewalld.helper.5
+++ b/doc/man/man5/firewalld.helper.5
@@ -4,10 +4,10 @@
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\" Date:
.\" Manual: firewalld.helper
-.\" Source: firewalld 2.3.0
+.\" Source: firewalld 2.3.1
.\" Language: English
.\"
-.TH "FIREWALLD\&.HELPER" "5" "" "firewalld 2.3.0" "firewalld.helper"
+.TH "FIREWALLD\&.HELPER" "5" "" "firewalld 2.3.1" "firewalld.helper"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/doc/man/man5/firewalld.icmptype.5 b/doc/man/man5/firewalld.icmptype.5
index b9de6b8f..44af071a 100644
--- a/doc/man/man5/firewalld.icmptype.5
+++ b/doc/man/man5/firewalld.icmptype.5
@@ -4,10 +4,10 @@
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\" Date:
.\" Manual: firewalld.icmptype
-.\" Source: firewalld 2.3.0
+.\" Source: firewalld 2.3.1
.\" Language: English
.\"
-.TH "FIREWALLD\&.ICMPTYPE" "5" "" "firewalld 2.3.0" "firewalld.icmptype"
+.TH "FIREWALLD\&.ICMPTYPE" "5" "" "firewalld 2.3.1" "firewalld.icmptype"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/doc/man/man5/firewalld.ipset.5 b/doc/man/man5/firewalld.ipset.5
index 4d3beded..1d56cd4b 100644
--- a/doc/man/man5/firewalld.ipset.5
+++ b/doc/man/man5/firewalld.ipset.5
@@ -4,10 +4,10 @@
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\" Date:
.\" Manual: firewalld.ipset
-.\" Source: firewalld 2.3.0
+.\" Source: firewalld 2.3.1
.\" Language: English
.\"
-.TH "FIREWALLD\&.IPSET" "5" "" "firewalld 2.3.0" "firewalld.ipset"
+.TH "FIREWALLD\&.IPSET" "5" "" "firewalld 2.3.1" "firewalld.ipset"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/doc/man/man5/firewalld.policies.5 b/doc/man/man5/firewalld.policies.5
index 4961e704..8e838564 100644
--- a/doc/man/man5/firewalld.policies.5
+++ b/doc/man/man5/firewalld.policies.5
@@ -4,10 +4,10 @@
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\" Date:
.\" Manual: firewalld.policies
-.\" Source: firewalld 2.3.0
+.\" Source: firewalld 2.3.1
.\" Language: English
.\"
-.TH "FIREWALLD\&.POLICIES" "5" "" "firewalld 2.3.0" "firewalld.policies"
+.TH "FIREWALLD\&.POLICIES" "5" "" "firewalld 2.3.1" "firewalld.policies"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -32,7 +32,7 @@ firewalld.policies \- firewalld policies
.SH "DESCRIPTION"
.SS "What is a policy?"
.PP
-A policy applies a set of rules to traffic flowing between between zones (see zones (see
+A policy applies a set of rules to traffic flowing between zones (see zones (see
\fBfirewalld.zones\fR(5))\&. The policy affects traffic in a stateful unidirectional manner, e\&.g\&. zoneA to zoneB\&. This allows asynchronous filtering policies\&.
.PP
A policy\*(Aqs relationship to zones is defined by assigning a set of ingress zones and a set of egress zones\&. For example, if the set of ingress zones contains "public" and the set of egress zones contains "internal" then the policy will affect all traffic flowing from the "public" zone to the "internal" zone\&. However, since policies are unidirectional it will not apply to traffic flowing from "internal" to "public"\&. Note that the ingress set and egress set can contain multiple zones\&.
diff --git a/doc/man/man5/firewalld.policy.5 b/doc/man/man5/firewalld.policy.5
index 2191e756..068d7241 100644
--- a/doc/man/man5/firewalld.policy.5
+++ b/doc/man/man5/firewalld.policy.5
@@ -4,10 +4,10 @@
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\" Date:
.\" Manual: firewalld.policy
-.\" Source: firewalld 2.3.0
+.\" Source: firewalld 2.3.1
.\" Language: English
.\"
-.TH "FIREWALLD\&.POLICY" "5" "" "firewalld 2.3.0" "firewalld.policy"
+.TH "FIREWALLD\&.POLICY" "5" "" "firewalld 2.3.1" "firewalld.policy"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/doc/man/man5/firewalld.richlanguage.5 b/doc/man/man5/firewalld.richlanguage.5
index 99e3f787..5d6b1cc7 100644
--- a/doc/man/man5/firewalld.richlanguage.5
+++ b/doc/man/man5/firewalld.richlanguage.5
@@ -4,10 +4,10 @@
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\" Date:
.\" Manual: firewalld.richlanguage
-.\" Source: firewalld 2.3.0
+.\" Source: firewalld 2.3.1
.\" Language: English
.\"
-.TH "FIREWALLD\&.RICHLANG" "5" "" "firewalld 2.3.0" "firewalld.richlanguage"
+.TH "FIREWALLD\&.RICHLANG" "5" "" "firewalld 2.3.1" "firewalld.richlanguage"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/doc/man/man5/firewalld.service.5 b/doc/man/man5/firewalld.service.5
index 0a49838a..b10573b0 100644
--- a/doc/man/man5/firewalld.service.5
+++ b/doc/man/man5/firewalld.service.5
@@ -4,10 +4,10 @@
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\" Date:
.\" Manual: firewalld.service
-.\" Source: firewalld 2.3.0
+.\" Source: firewalld 2.3.1
.\" Language: English
.\"
-.TH "FIREWALLD\&.SERVICE" "5" "" "firewalld 2.3.0" "firewalld.service"
+.TH "FIREWALLD\&.SERVICE" "5" "" "firewalld 2.3.1" "firewalld.service"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/doc/man/man5/firewalld.zone.5 b/doc/man/man5/firewalld.zone.5
index 70df8d18..a79d12c0 100644
--- a/doc/man/man5/firewalld.zone.5
+++ b/doc/man/man5/firewalld.zone.5
@@ -4,10 +4,10 @@
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\" Date:
.\" Manual: firewalld.zone
-.\" Source: firewalld 2.3.0
+.\" Source: firewalld 2.3.1
.\" Language: English
.\"
-.TH "FIREWALLD\&.ZONE" "5" "" "firewalld 2.3.0" "firewalld.zone"
+.TH "FIREWALLD\&.ZONE" "5" "" "firewalld 2.3.1" "firewalld.zone"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/doc/man/man5/firewalld.zones.5 b/doc/man/man5/firewalld.zones.5
index a6e9f830..bcc50036 100644
--- a/doc/man/man5/firewalld.zones.5
+++ b/doc/man/man5/firewalld.zones.5
@@ -4,10 +4,10 @@
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\" Date:
.\" Manual: firewalld.zones
-.\" Source: firewalld 2.3.0
+.\" Source: firewalld 2.3.1
.\" Language: English
.\"
-.TH "FIREWALLD\&.ZONES" "5" "" "firewalld 2.3.0" "firewalld.zones"
+.TH "FIREWALLD\&.ZONES" "5" "" "firewalld 2.3.1" "firewalld.zones"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/doc/xml/firewalld.policies.xml b/doc/xml/firewalld.policies.xml
index 78953393..e5a2ccbf 100644
--- a/doc/xml/firewalld.policies.xml
+++ b/doc/xml/firewalld.policies.xml
@@ -42,7 +42,7 @@
<title>What is a policy?</title>
<para>
- A policy applies a set of rules to traffic flowing between
+ A policy applies a set of rules to traffic flowing
between zones (see zones (see <citerefentry>
<refentrytitle>firewalld.zones</refentrytitle>
<manvolnum>5</manvolnum> </citerefentry>). The policy affects
diff --git a/firewalld.spec b/firewalld.spec
index 49897b2a..79caa875 100644
--- a/firewalld.spec
+++ b/firewalld.spec
@@ -1,6 +1,6 @@
Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
Name: firewalld
-Version: 2.3.0
+Version: 2.3.1
Release: 1%{?dist}
URL: http://firewalld.org
License: GPL-2.0-or-later
@@ -257,5 +257,8 @@ fi
%{_mandir}/man1/firewall-config*.1*
%changelog
+* Tue Jun 10 2025 Eric Garver <eric at garver.life> - 2.3.1-1
+- release v2.3.1
+
* Mon Nov 04 2024 Eric Garver <eric at garver.life> - 2.3.0-1
- release v2.3.0
diff --git a/src/firewall-config b/src/firewall-config
index 4aced52b..8d5de628 100755
--- a/src/firewall-config
+++ b/src/firewall-config
@@ -3549,7 +3549,8 @@ class FirewallConfig:
selection.select_iter(iter)
iter = self.serviceDialogServiceStore.iter_next(iter)
- self.serviceDialogOkButton.set_sensitive(False)
+ if old_service:
+ self.serviceDialogOkButton.set_sensitive(False)
self.serviceDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT)
self.serviceDialog.set_transient_for(self.mainWindow)
self.serviceDialog.show_all()
@@ -3699,25 +3700,22 @@ class FirewallConfig:
_("debug"): "debug",
} # 7, debug-level messages
+ rule_params = {}
+
# family
combolabel = self.richRuleDialogFamilyCombobox.get_active_text()
- if combolabel == _("ipv4"):
- rule = rich.Rich_Rule("ipv4") # ipv4 rule
- elif combolabel == _("ipv6"):
- rule = rich.Rich_Rule("ipv6") # ipv6 rule
- else:
- rule = rich.Rich_Rule() # ipv4+ipv6 rule
+ if combolabel in [_("ipv4"), _("ipv6")]:
+ rule_params["family"] = combolabel
# priority
priority = self.richRuleDialogPriorityEntry.get_value_as_int()
- if priority != 0:
- rule.priority = priority
+ rule_params["priority"] = priority
# element
if self.richRuleDialogElementCheck.get_active():
combolabel = self.richRuleDialogElementCombobox.get_active_text()
if combolabel == _("service"):
- rule.element = rich.Rich_Service(
+ rule_params["element"] = rich.Rich_Service(
self.richRuleDialogElementChooser.get_text()
)
elif combolabel == _("port"):
@@ -3729,17 +3727,16 @@ class FirewallConfig:
(port, proto) = text.split("/")
except:
return None
- rule.element = rich.Rich_Port(port, proto)
elif combolabel == _("protocol"):
- rule.element = rich.Rich_Protocol(
+ rule_params["element"] = rich.Rich_Protocol(
self.richRuleDialogElementChooser.get_text()
)
elif combolabel == _("icmp-block"):
- rule.element = rich.Rich_IcmpBlock(
+ rule_params["element"] = rich.Rich_IcmpBlock(
self.richRuleDialogElementChooser.get_text()
)
elif combolabel == _("icmp-type"):
- rule.element = rich.Rich_IcmpType(
+ rule_params["element"] = rich.Rich_IcmpType(
self.richRuleDialogElementChooser.get_text()
)
elif combolabel == _("forward-port"):
@@ -3748,9 +3745,11 @@ class FirewallConfig:
(port, proto, to_port, to_addr) = self.split_fwp_string(text)
except:
return None
- rule.element = rich.Rich_ForwardPort(port, proto, to_port, to_addr)
+ rule_params["element"] = rich.Rich_ForwardPort(
+ port, proto, to_port, to_addr
+ )
elif combolabel == _("masquerade"):
- rule.element = rich.Rich_Masquerade()
+ rule_params["element"] = rich.Rich_Masquerade()
elif combolabel == _("source-port"):
text = self.richRuleDialogElementChooser.get_text()
port = ""
@@ -3760,7 +3759,7 @@ class FirewallConfig:
(port, proto) = text.split("/")
except:
return None
- rule.element = rich.Rich_SourcePort(port, proto)
+ rule_params["element"] = rich.Rich_SourcePort(port, proto)
# action
if (
@@ -3777,19 +3776,19 @@ class FirewallConfig:
limit = rich.Rich_Limit(value)
combolabel = self.richRuleDialogActionCombobox.get_active_text()
if combolabel == _("accept"):
- rule.action = rich.Rich_Accept(limit)
+ rule_params["action"] = rich.Rich_Accept(limit)
elif combolabel == _("reject"):
_type = None
if self.richRuleDialogActionRejectTypeCheck.get_active():
_type = (
self.richRuleDialogActionRejectTypeCombobox.get_active_text()
)
- rule.action = rich.Rich_Reject(_type, limit)
+ rule_params["action"] = rich.Rich_Reject(_type, limit)
elif combolabel == _("drop"):
- rule.action = rich.Rich_Drop(limit)
+ rule_params["action"] = rich.Rich_Drop(limit)
elif combolabel == _("mark"):
_set = self.richRuleDialogActionMarkChooser.get_text()
- rule.action = rich.Rich_Mark(_set, limit)
+ rule_params["action"] = rich.Rich_Mark(_set, limit)
# source
if self.richRuleDialogSourceChooser.is_sensitive() and (
@@ -3804,7 +3803,7 @@ class FirewallConfig:
mac = self.richRuleDialogSourceChooser.get_text()
if txt == "ipset":
ipset = self.richRuleDialogSourceChooser.get_text()
- rule.source = rich.Rich_Source(
+ rule_params["source"] = rich.Rich_Source(
addr, mac, ipset, self.richRuleDialogSourceInvertCheck.get_active()
)
@@ -3813,7 +3812,7 @@ class FirewallConfig:
self.richRuleDialogDestinationChooser.get_text() != ""
or self.richRuleDialogDestinationInvertCheck.get_active()
):
- rule.destination = rich.Rich_Destination(
+ rule_params["destination"] = rich.Rich_Destination(
self.richRuleDialogDestinationChooser.get_text(),
None,
invert=self.richRuleDialogDestinationInvertCheck.get_active(),
@@ -3834,7 +3833,7 @@ class FirewallConfig:
limit = rich.Rich_Limit(value)
level = self.richRuleDialogLogLevelCombobox.get_active_text()
- rule.log = rich.Rich_Log(
+ rule_params["log"] = rich.Rich_Log(
self.richRuleDialogLogPrefixEntry.get_text(), loglevel[level], limit
)
@@ -3851,9 +3850,9 @@ class FirewallConfig:
self.richRuleDialogAuditLimitDurationCombobox.get_active_text()
]
limit = rich.Rich_Limit(value)
- rule.audit = rich.Rich_Audit(limit)
+ rule_params["audit"] = rich.Rich_Audit(limit)
- return rule
+ return rich.Rich_Rule(**rule_params)
def on_richRuleDialogFamilyCombobox_changed(self, *args):
combolabel = self.richRuleDialogFamilyCombobox.get_active_text()
@@ -3988,6 +3987,14 @@ class FirewallConfig:
self.richRuleDialogActionCheck.set_sensitive(False)
self.richRuleDialogActionBox.set_sensitive(False)
+ if (
+ self.richRuleDialogElementChooser.is_sensitive()
+ and not self.richRuleDialogElementChooser.get_text()
+ ):
+ self.richRuleDialogOkButton.set_sensitive(False)
+ self.richRuleDialogOkButton.set_tooltip_text(_("invalid element"))
+ return
+
rule = self.richRuleDialog_getRule()
try:
rule.check()
diff --git a/src/firewall-config.in b/src/firewall-config.in
index 02e9ae9c..0fb5fc8e 100755
--- a/src/firewall-config.in
+++ b/src/firewall-config.in
@@ -3549,7 +3549,8 @@ class FirewallConfig:
selection.select_iter(iter)
iter = self.serviceDialogServiceStore.iter_next(iter)
- self.serviceDialogOkButton.set_sensitive(False)
+ if old_service:
+ self.serviceDialogOkButton.set_sensitive(False)
self.serviceDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT)
self.serviceDialog.set_transient_for(self.mainWindow)
self.serviceDialog.show_all()
@@ -3699,25 +3700,22 @@ class FirewallConfig:
_("debug"): "debug",
} # 7, debug-level messages
+ rule_params = {}
+
# family
combolabel = self.richRuleDialogFamilyCombobox.get_active_text()
- if combolabel == _("ipv4"):
- rule = rich.Rich_Rule("ipv4") # ipv4 rule
- elif combolabel == _("ipv6"):
- rule = rich.Rich_Rule("ipv6") # ipv6 rule
- else:
- rule = rich.Rich_Rule() # ipv4+ipv6 rule
+ if combolabel in [_("ipv4"), _("ipv6")]:
+ rule_params["family"] = combolabel
# priority
priority = self.richRuleDialogPriorityEntry.get_value_as_int()
- if priority != 0:
- rule.priority = priority
+ rule_params["priority"] = priority
# element
if self.richRuleDialogElementCheck.get_active():
combolabel = self.richRuleDialogElementCombobox.get_active_text()
if combolabel == _("service"):
- rule.element = rich.Rich_Service(
+ rule_params["element"] = rich.Rich_Service(
self.richRuleDialogElementChooser.get_text()
)
elif combolabel == _("port"):
@@ -3729,17 +3727,16 @@ class FirewallConfig:
(port, proto) = text.split("/")
except:
return None
- rule.element = rich.Rich_Port(port, proto)
elif combolabel == _("protocol"):
- rule.element = rich.Rich_Protocol(
+ rule_params["element"] = rich.Rich_Protocol(
self.richRuleDialogElementChooser.get_text()
)
elif combolabel == _("icmp-block"):
- rule.element = rich.Rich_IcmpBlock(
+ rule_params["element"] = rich.Rich_IcmpBlock(
self.richRuleDialogElementChooser.get_text()
)
elif combolabel == _("icmp-type"):
- rule.element = rich.Rich_IcmpType(
+ rule_params["element"] = rich.Rich_IcmpType(
self.richRuleDialogElementChooser.get_text()
)
elif combolabel == _("forward-port"):
@@ -3748,9 +3745,11 @@ class FirewallConfig:
(port, proto, to_port, to_addr) = self.split_fwp_string(text)
except:
return None
- rule.element = rich.Rich_ForwardPort(port, proto, to_port, to_addr)
+ rule_params["element"] = rich.Rich_ForwardPort(
+ port, proto, to_port, to_addr
+ )
elif combolabel == _("masquerade"):
- rule.element = rich.Rich_Masquerade()
+ rule_params["element"] = rich.Rich_Masquerade()
elif combolabel == _("source-port"):
text = self.richRuleDialogElementChooser.get_text()
port = ""
@@ -3760,7 +3759,7 @@ class FirewallConfig:
(port, proto) = text.split("/")
except:
return None
- rule.element = rich.Rich_SourcePort(port, proto)
+ rule_params["element"] = rich.Rich_SourcePort(port, proto)
# action
if (
@@ -3777,19 +3776,19 @@ class FirewallConfig:
limit = rich.Rich_Limit(value)
combolabel = self.richRuleDialogActionCombobox.get_active_text()
if combolabel == _("accept"):
- rule.action = rich.Rich_Accept(limit)
+ rule_params["action"] = rich.Rich_Accept(limit)
elif combolabel == _("reject"):
_type = None
if self.richRuleDialogActionRejectTypeCheck.get_active():
_type = (
self.richRuleDialogActionRejectTypeCombobox.get_active_text()
)
- rule.action = rich.Rich_Reject(_type, limit)
+ rule_params["action"] = rich.Rich_Reject(_type, limit)
elif combolabel == _("drop"):
- rule.action = rich.Rich_Drop(limit)
+ rule_params["action"] = rich.Rich_Drop(limit)
elif combolabel == _("mark"):
_set = self.richRuleDialogActionMarkChooser.get_text()
- rule.action = rich.Rich_Mark(_set, limit)
+ rule_params["action"] = rich.Rich_Mark(_set, limit)
# source
if self.richRuleDialogSourceChooser.is_sensitive() and (
@@ -3804,7 +3803,7 @@ class FirewallConfig:
mac = self.richRuleDialogSourceChooser.get_text()
if txt == "ipset":
ipset = self.richRuleDialogSourceChooser.get_text()
- rule.source = rich.Rich_Source(
+ rule_params["source"] = rich.Rich_Source(
addr, mac, ipset, self.richRuleDialogSourceInvertCheck.get_active()
)
@@ -3813,7 +3812,7 @@ class FirewallConfig:
self.richRuleDialogDestinationChooser.get_text() != ""
or self.richRuleDialogDestinationInvertCheck.get_active()
):
- rule.destination = rich.Rich_Destination(
+ rule_params["destination"] = rich.Rich_Destination(
self.richRuleDialogDestinationChooser.get_text(),
None,
invert=self.richRuleDialogDestinationInvertCheck.get_active(),
@@ -3834,7 +3833,7 @@ class FirewallConfig:
limit = rich.Rich_Limit(value)
level = self.richRuleDialogLogLevelCombobox.get_active_text()
- rule.log = rich.Rich_Log(
+ rule_params["log"] = rich.Rich_Log(
self.richRuleDialogLogPrefixEntry.get_text(), loglevel[level], limit
)
@@ -3851,9 +3850,9 @@ class FirewallConfig:
self.richRuleDialogAuditLimitDurationCombobox.get_active_text()
]
limit = rich.Rich_Limit(value)
- rule.audit = rich.Rich_Audit(limit)
+ rule_params["audit"] = rich.Rich_Audit(limit)
- return rule
+ return rich.Rich_Rule(**rule_params)
def on_richRuleDialogFamilyCombobox_changed(self, *args):
combolabel = self.richRuleDialogFamilyCombobox.get_active_text()
@@ -3988,6 +3987,14 @@ class FirewallConfig:
self.richRuleDialogActionCheck.set_sensitive(False)
self.richRuleDialogActionBox.set_sensitive(False)
+ if (
+ self.richRuleDialogElementChooser.is_sensitive()
+ and not self.richRuleDialogElementChooser.get_text()
+ ):
+ self.richRuleDialogOkButton.set_sensitive(False)
+ self.richRuleDialogOkButton.set_tooltip_text(_("invalid element"))
+ return
+
rule = self.richRuleDialog_getRule()
try:
rule.check()
diff --git a/src/firewall/config/__init__.py b/src/firewall/config/__init__.py
index fd05c836..4d9ff412 100644
--- a/src/firewall/config/__init__.py
+++ b/src/firewall/config/__init__.py
@@ -30,7 +30,7 @@ APPLET_NAME = "firewall-applet"
DATADIR = "/usr/share/" + DAEMON_NAME
CONFIG_GLADE_NAME = CONFIG_NAME + ".glade"
COPYRIGHT = "(C) 2010-2017 Red Hat, Inc."
-VERSION = "2.3.0"
+VERSION = "2.3.1"
AUTHORS = [
"Thomas Woerner <twoerner at redhat.com>",
"Jiri Popelka <jpopelka at redhat.com>",
diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py
index 4f0da0ed..bf7c109a 100644
--- a/src/firewall/core/fw.py
+++ b/src/firewall/core/fw.py
@@ -272,22 +272,6 @@ class Firewall:
raise FirewallError(errors.UNKNOWN_ERROR, "No IPv4 and IPv6 firewall.")
def _start_probe_backends(self):
- try:
- self.ipset_backend.set_list()
- except ValueError:
- if self.nftables_enabled:
- log.info1(
- "ipset not usable, disabling ipset usage in firewall. Other set backends (nftables) remain usable."
- )
- else:
- log.warning("ipset not usable, disabling ipset usage in firewall.")
- self.ipset_supported_types = []
- # ipset is not usable
- self.ipset_enabled = False
- else:
- # ipset is usable, get all supported types
- self.ipset_supported_types = self.ipset_backend.set_supported_types()
-
self.ip4tables_backend.fill_exists()
if not self.ip4tables_backend.restore_command_exists:
if self.ip4tables_backend.command_exists:
diff --git a/src/firewall/core/io/policy.py b/src/firewall/core/io/policy.py
index c890cc0c..92827271 100644
--- a/src/firewall/core/io/policy.py
+++ b/src/firewall/core/io/policy.py
@@ -496,6 +496,22 @@ def common_check_config(obj, config, item, all_config, all_io_objects):
obj_type, obj.name, obj_rich.element.name
),
)
+ elif obj_rich.source and obj_rich.source.ipset:
+ if obj_rich.source.ipset not in all_io_objects["ipsets"]:
+ raise FirewallError(
+ errors.INVALID_IPSET,
+ "{} '{}': '{}' not among existing ipsets".format(
+ obj_type, obj.name, obj_rich.source.ipset
+ ),
+ )
+ elif obj_rich.destination and obj_rich.destination.ipset:
+ if obj_rich.destination.ipset not in all_io_objects["ipsets"]:
+ raise FirewallError(
+ errors.INVALID_IPSET,
+ "{} '{}': '{}' not among existing ipsets".format(
+ obj_type, obj.name, obj_rich.destination.ipset
+ ),
+ )
def _handler_add_rich_limit(handler, limit):
diff --git a/src/firewall/core/ipset.py b/src/firewall/core/ipset.py
index 2944dc23..fcf34a64 100644
--- a/src/firewall/core/ipset.py
+++ b/src/firewall/core/ipset.py
@@ -77,27 +77,6 @@ class ipset:
errors.INVALID_NAME, "ipset name '%s' is not valid" % name
)
- def set_supported_types(self):
- """Return types that are supported by the ipset command and kernel"""
- ret = []
- output = ""
- try:
- output = self.__run(["--help"])
- except ValueError as ex:
- log.debug1("ipset error: %s" % ex)
- lines = output.splitlines()
-
- in_types = False
- for line in lines:
- # print(line)
- if in_types:
- splits = line.strip().split(None, 2)
- if splits[0] not in ret and splits[0] in IPSET_TYPES:
- ret.append(splits[0])
- if line.startswith("Supported set types:"):
- in_types = True
- return ret
-
def check_type(self, type_name):
"""Check ipset type"""
if len(type_name) > IPSET_MAXNAMELEN or type_name not in IPSET_TYPES:
diff --git a/src/firewall/server/config.py b/src/firewall/server/config.py
index eb31789b..24c9baed 100644
--- a/src/firewall/server/config.py
+++ b/src/firewall/server/config.py
@@ -627,6 +627,7 @@ class FirewallDConfig(DbusServiceObject):
else:
return dbus.String("no")
elif prop == "IPv6_rpfilter2":
+ value = self.config.get_firewalld_conf().get("IPv6_rpfilter")
if value is None:
value = config.FALLBACK_IPV6_RPFILTER
return dbus.String(value)
@@ -766,28 +767,32 @@ class FirewallDConfig(DbusServiceObject):
errors.INVALID_VALUE,
"'%s' for %s" % (new_value, property_name),
)
+ config_name = property_name
elif property_name == "LogDenied":
if new_value not in config.LOG_DENIED_VALUES:
raise FirewallError(
errors.INVALID_VALUE,
"'%s' for %s" % (new_value, property_name),
)
+ config_name = property_name
elif property_name == "FirewallBackend":
if new_value not in config.FIREWALL_BACKEND_VALUES:
raise FirewallError(
errors.INVALID_VALUE,
"'%s' for %s" % (new_value, property_name),
)
+ config_name = property_name
elif property_name == "IPv6_rpfilter2":
if new_value not in config.IPV6_RPFILTER_VALUES:
raise FirewallError(
errors.INVALID_VALUE,
"'%s' for %s" % (new_value, property_name),
)
+ config_name = "IPv6_rpfilter"
else:
raise errors.BugError(f'Unhandled property_name "{property_name}"')
- self.config.get_firewalld_conf().set(property_name, new_value)
+ self.config.get_firewalld_conf().set(config_name, new_value)
self.config.get_firewalld_conf().write()
self.PropertiesChanged(interface_name, {property_name: new_value}, [])
elif interface_name in [
diff --git a/src/tests/features/nftables_table_owner.at b/src/tests/features/nftables_table_owner.at
index abc946da..dd9c3dee 100644
--- a/src/tests/features/nftables_table_owner.at
+++ b/src/tests/features/nftables_table_owner.at
@@ -7,32 +7,21 @@ FWD_RELOAD()
AT_SKIP_IF([grep "Configuration has NftablesTableOwner=True, but it's not supported by nftables." ./firewalld.log])
-NS_CHECK([nft list table inet firewalld | TRIM_WHITESPACE | head -n 2], 0, [m4_strip([dnl
- table inet firewalld { # progname firewalld
- flags owner,persist
-])])
+dnl Make sure it's initially working
+dnl
+NS_CHECK([nft list table inet firewalld | TRIM_WHITESPACE | grep "flags owner,persist"], 0, [ignore])
dnl Test the transitions from On to Off
dnl
-
AT_CHECK([sed -i 's/^NftablesTableOwner=.*/NftablesTableOwner=no/' ./firewalld.conf])
FWD_RELOAD()
-
-NS_CHECK([nft list table inet firewalld | TRIM_WHITESPACE | head -n 2], 0, [m4_strip([dnl
- table inet firewalld {
- chain mangle_PREROUTING {
-])])
+NS_CHECK([nft list table inet firewalld | TRIM_WHITESPACE | grep "flags owner,persist"], 1)
dnl Test the transitions from Off to On
dnl
-
AT_CHECK([sed -i 's/^NftablesTableOwner=.*/NftablesTableOwner=yes/' ./firewalld.conf])
FWD_RELOAD()
-
-NS_CHECK([nft list table inet firewalld | TRIM_WHITESPACE | head -n 2], 0, [m4_strip([dnl
- table inet firewalld { # progname firewalld
- flags owner,persist
-])])
+NS_CHECK([nft list table inet firewalld | TRIM_WHITESPACE | grep "flags owner,persist"], 0, [ignore])
FWD_END_TEST()
])
diff --git a/src/tests/features/rpfilter.at b/src/tests/features/rpfilter.at
index 0ae6de3b..a0771ff4 100644
--- a/src/tests/features/rpfilter.at
+++ b/src/tests/features/rpfilter.at
@@ -123,17 +123,46 @@ NFT_LIST_RULES([inet], [filter_PREROUTING], 0, [dnl
FWD_END_TEST([-e "/^ERROR: INVALID_VALUE:/d"])
FWD_START_TEST([rpfilter - config values])
-AT_KEYWORDS(rpfilter)
+AT_KEYWORDS(rpfilter RHEL-72937)
CHECK_NFTABLES_FIB()
-dnl Verify other/deprecated configuration values are accepted.
+dnl Verify all configuration values are accepted.
dnl
-m4_foreach([VALUE], [[no], [yes], [false], [true]], [
+m4_foreach([VALUE], [[no], [yes], [false], [true], [strict], [loose]], [
AT_CHECK([sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=VALUE/' ./firewalld.conf])
FWD_RELOAD()
+ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [
+ DBUS_GET([config], [config], [string:"IPv6_rpfilter2"], 0, [dnl
+ variant string "VALUE"
+ ])
+ ])
])
+
dnl And a bogus one.
AT_CHECK([sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=bogus/' ./firewalld.conf])
FWD_RELOAD()
FWD_END_TEST([-e "/^WARNING: IPv6_rpfilter 'bogus' is not valid/d"])
+
+FWD_START_TEST([rpfilter - config values, -forward])
+AT_KEYWORDS(rpfilter RHEL-72937)
+CHECK_NFTABLES_FIB()
+CHECK_NFTABLES_FIB_IN_FORWARD()
+
+dnl These are not valid for iptables.
+dnl
+m4_foreach([VALUE], [[strict-forward], [loose-forward]], [
+ AT_CHECK([sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=VALUE/' ./firewalld.conf])
+ m4_if(iptables, FIREWALL_BACKEND, [
+ FWD_RELOAD(114, [ignore], [ignore])
+ ], [
+ FWD_RELOAD()
+ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [
+ DBUS_GET([config], [config], [string:"IPv6_rpfilter2"], 0, [dnl
+ variant string "VALUE"
+ ])
+ ])
+ ])
+])
+
+FWD_END_TEST([-e "/^ERROR: INVALID_VALUE:.*is incompatible with FirewallBackend=iptables."])
diff --git a/src/tests/integration/testsuite b/src/tests/integration/testsuite
index 681852d2..703c10a8 100755
--- a/src/tests/integration/testsuite
+++ b/src/tests/integration/testsuite
@@ -932,7 +932,7 @@ fi
# List of tests.
if $at_list_p; then
cat <<_ATEOF || at_write_fail=1
-firewalld 2.3.0 test suite test groups:
+firewalld 2.3.1 test suite test groups:
NUM: FILE-NAME:LINE TEST-GROUP-NAME
KEYWORDS
@@ -973,7 +973,7 @@ _ATEOF
exit $at_write_fail
fi
if $at_version_p; then
- printf "%s\n" "$as_me (firewalld 2.3.0)" &&
+ printf "%s\n" "$as_me (firewalld 2.3.1)" &&
cat <<\_ATEOF || at_write_fail=1
Copyright (C) 2021 Free Software Foundation, Inc.
@@ -1173,11 +1173,11 @@ exec 5>>"$at_suite_log"
# Banners and logs.
printf "%s\n" "## --------------------------- ##
-## firewalld 2.3.0 test suite. ##
+## firewalld 2.3.1 test suite. ##
## --------------------------- ##"
{
printf "%s\n" "## --------------------------- ##
-## firewalld 2.3.0 test suite. ##
+## firewalld 2.3.1 test suite. ##
## --------------------------- ##"
echo
@@ -1994,7 +1994,7 @@ _ASBOX
printf "%s\n" "Please send $at_msg and all information you think might help:
To: <https://github.com/firewalld/firewalld>
- Subject: [firewalld 2.3.0] $as_me: $at_msg1$at_msg2
+ Subject: [firewalld 2.3.1] $as_me: $at_msg1$at_msg2
You may investigate any problem if you feel able to do so, in which
case the test suite provides a good starting point. Its output may
diff --git a/src/tests/package.m4 b/src/tests/package.m4
index f0795e34..75f77217 100644
--- a/src/tests/package.m4
+++ b/src/tests/package.m4
@@ -1,5 +1,5 @@
m4_define([AT_PACKAGE_NAME],[firewalld])
-m4_define([AT_PACKAGE_VERSION],[2.3.0])
-m4_define([AT_PACKAGE_STRING],[firewalld 2.3.0])
+m4_define([AT_PACKAGE_VERSION],[2.3.1])
+m4_define([AT_PACKAGE_STRING],[firewalld 2.3.1])
m4_define([AT_PACKAGE_URL],[http://firewalld.org/])
m4_define([AT_PACKAGE_BUGREPORT],[https://github.com/firewalld/firewalld])
diff --git a/src/tests/regression/RHEL-67103.at b/src/tests/regression/RHEL-67103.at
new file mode 100644
index 00000000..0cca7172
--- /dev/null
+++ b/src/tests/regression/RHEL-67103.at
@@ -0,0 +1,34 @@
+FWD_START_TEST([rich rule invalid ipset])
+AT_KEYWORDS(rich ipset RHEL-67103 RHEL-67331)
+
+dnl valid ipset
+FWD_CHECK([--permanent --new-ipset thisexists --type=hash:net], 0, [ignore])
+FWD_CHECK([--permanent --add-rich-rule="rule family=ipv4 source ipset=thisexists accept"], 0, [ignore])
+FWD_CHECK([--permanent --add-rich-rule="rule family=ipv4 destination ipset=thisexists accept"], 0, [ignore])
+FWD_RELOAD()
+
+dnl invalid ipset
+FWD_CHECK([ --add-rich-rule="rule family=ipv4 source ipset=doesnotexist accept"], 135, [ignore], [ignore])
+FWD_CHECK([--permanent --add-rich-rule="rule family=ipv4 source ipset=doesnotexist accept"], 135, [ignore], [ignore])
+FWD_CHECK([ --add-rich-rule="rule family=ipv4 destination ipset=doesnotexist accept"], 135, [ignore], [ignore])
+FWD_CHECK([--permanent --add-rich-rule="rule family=ipv4 destination ipset=doesnotexist accept"], 135, [ignore], [ignore])
+
+dnl verify checks for manually added XML
+AT_DATA([./zones/broken.xml], [m4_strip([dnl
+ <?xml version="1.0" encoding="utf-8"?>
+ <zone>
+ <short>broken</short>
+ <rule family="ipv4">
+ <source ipset="doesnotexist"/>
+ <accept/>
+ </rule>
+ <rule family="ipv4">
+ <destination ipset="doesnotexist"/>
+ <accept/>
+ </rule>
+ <forward/>
+ </zone>
+])])
+FWD_RELOAD(135, [ignore], [ignore])
+
+FWD_END_TEST([-e '/ERROR: INVALID_IPSET/d'])
diff --git a/src/tests/regression/ipset_scale.at b/src/tests/regression/ipset_scale.at
index 14bf4001..f544cc9c 100644
--- a/src/tests/regression/ipset_scale.at
+++ b/src/tests/regression/ipset_scale.at
@@ -1,5 +1,5 @@
FWD_START_TEST([ipset scale], 307200)
-AT_KEYWORDS(ipset gh738)
+AT_KEYWORDS(ipset gh738 scale)
dnl Create a huge ipset
diff --git a/src/tests/regression/regression.at b/src/tests/regression/regression.at
index 6b8f816b..bba49268 100644
--- a/src/tests/regression/regression.at
+++ b/src/tests/regression/regression.at
@@ -61,3 +61,4 @@ m4_include([regression/rhbz2222044.at])
m4_include([regression/gh1229.at])
m4_include([regression/gh1278.at])
m4_include([regression/gh1406.at])
+m4_include([regression/RHEL-67103.at])
diff --git a/src/tests/regression/rhbz1871298.at b/src/tests/regression/rhbz1871298.at
index 3a40e2a5..e9fcfe69 100644
--- a/src/tests/regression/rhbz1871298.at
+++ b/src/tests/regression/rhbz1871298.at
@@ -1,5 +1,5 @@
FWD_START_TEST([rich rule parsing bottleneck])
-AT_KEYWORDS(rich offline rhbz1871298)
+AT_KEYWORDS(rich offline rhbz1871298 scale)
AT_SKIP_IF([! NS_CMD([which timeout >/dev/null 2>&1])])
diff --git a/src/tests/testsuite b/src/tests/testsuite
index b39a3a1f..03ba5f70 100755
--- a/src/tests/testsuite
+++ b/src/tests/testsuite
@@ -671,305 +671,310 @@ at_help_all="1;firewall-cmd.at:5;basic options;offline cli/firewall-cmd.at:5 cli
59;rpfilter.at:27;rpfilter - loose;offline features/rpfilter.at:27 features/rpfilter.at rpfilter.at:27 rpfilter.at rpfilter features;
60;rpfilter.at:53;rpfilter - strict-forward;offline features/rpfilter.at:53 features/rpfilter.at rpfilter.at:53 rpfilter.at rpfilter features;
61;rpfilter.at:89;rpfilter - loose-forward;offline features/rpfilter.at:89 features/rpfilter.at rpfilter.at:89 rpfilter.at rpfilter features;
-62;rpfilter.at:125;rpfilter - config values;offline features/rpfilter.at:125 features/rpfilter.at rpfilter.at:125 rpfilter.at rpfilter features;
-63;zone_combine.at:1;zone - combine;offline features/zone_combine.at:1 features/zone_combine.at zone_combine.at:1 zone_combine.at zone_combine features zone;
-64;ipset_defer_native_ipset_creation.at:1;ipset defer native creation;offline features/ipset_defer_native_ipset_creation.at:1 features/ipset_defer_native_ipset_creation.at ipset_defer_native_ipset_creation.at:1 ipset_defer_native_ipset_creation.at ipset_defer_native_ipset_creation features ipset direct rhbz2122678;
-65;reset_defaults.at:1;reset defaults;offline features/reset_defaults.at:1 features/reset_defaults.at reset_defaults.at:1 reset_defaults.at reset_defaults features reset;
-66;zone_priority.at:1;zone - priority;offline features/zone_priority.at:1 features/zone_priority.at zone_priority.at:1 zone_priority.at zone_priority features zone;
-67;reloadpolicy.at:1;check ReloadPolicy;offline features/reloadpolicy.at:1 features/reloadpolicy.at reloadpolicy.at:1 reloadpolicy.at reloadpolicy features rhbz2149039;
-68;strict_forward_ports.at:1;strict forward ports;offline features/strict_forward_ports.at:1 features/strict_forward_ports.at strict_forward_ports.at:1 strict_forward_ports.at strict_forward_ports features forward_port gh869 gh1380;
-69;firewall-offline-cmd.at:19;lokkit migration;offline cli/firewall-offline-cmd.at:19 cli/firewall-offline-cmd.at firewall-offline-cmd.at:19 firewall-offline-cmd.at firewall-offline-cmd cli lokkit;
-70;firewalld.conf.at:1;firewalld.conf;nftables dbus/firewalld.conf.at:1 dbus/firewalld.conf.at firewalld.conf.at:1 firewalld.conf.at firewalld.conf dbus;
-71;service.at:1;dbus api - services;nftables dbus/service.at:1 dbus/service.at service.at:1 service.at service dbus rhbz1721414 rhbz1737045 gh514;
-72;zone_permanent_signatures.at:1;dbus api - zone permanent signatures;nftables dbus/zone_permanent_signatures.at:1 dbus/zone_permanent_signatures.at zone_permanent_signatures.at:1 zone_permanent_signatures.at zone_permanent_signatures dbus zone gh586 gh613;
-73;zone_runtime_signatures.at:1;dbus api - zone runtime signatures;nftables dbus/zone_runtime_signatures.at:1 dbus/zone_runtime_signatures.at zone_runtime_signatures.at:1 zone_runtime_signatures.at zone_runtime_signatures dbus zone gh586 gh613;
-74;zone_permanent_functional.at:1;dbus api - zone permanent functional;nftables dbus/zone_permanent_functional.at:1 dbus/zone_permanent_functional.at zone_permanent_functional.at:1 zone_permanent_functional.at zone_permanent_functional dbus zone gh586 gh613;
-75;zone_runtime_functional.at:1;dbus api - zone runtime functional;nftables dbus/zone_runtime_functional.at:1 dbus/zone_runtime_functional.at zone_runtime_functional.at:1 zone_runtime_functional.at zone_runtime_functional dbus zone gh586 gh613;
-76;policy_permanent_signatures.at:1;dbus api - policy permanent signatures;nftables dbus/policy_permanent_signatures.at:1 dbus/policy_permanent_signatures.at policy_permanent_signatures.at:1 policy_permanent_signatures.at policy_permanent_signatures dbus policy;
-77;policy_runtime_signatures.at:1;dbus api - policy runtime signatures;nftables dbus/policy_runtime_signatures.at:1 dbus/policy_runtime_signatures.at policy_runtime_signatures.at:1 policy_runtime_signatures.at policy_runtime_signatures dbus policy;
-78;policy_permanent_functional.at:1;dbus api - policy permanent functional;nftables dbus/policy_permanent_functional.at:1 dbus/policy_permanent_functional.at policy_permanent_functional.at:1 policy_permanent_functional.at policy_permanent_functional dbus policy;
-79;policy_runtime_functional.at:1;dbus api - policy runtime functional;nftables dbus/policy_runtime_functional.at:1 dbus/policy_runtime_functional.at policy_runtime_functional.at:1 policy_runtime_functional.at policy_runtime_functional dbus policy;
-80;direct.at:1;dbus api - direct signatures;nftables dbus/direct.at:1 dbus/direct.at direct.at:1 direct.at direct dbus;
-81;lockdown.at:1;dbus api - lockdown signatures;nftables dbus/lockdown.at:1 dbus/lockdown.at lockdown.at:1 lockdown.at lockdown dbus;
-82;firewall-cmd.at:5;basic options;nftables cli/firewall-cmd.at:5 cli/firewall-cmd.at firewall-cmd.at:5 firewall-cmd.at firewall-cmd cli panic reload gh808;
-83;firewall-cmd.at:34;get/list options;nftables cli/firewall-cmd.at:34 cli/firewall-cmd.at firewall-cmd.at:34 firewall-cmd.at firewall-cmd cli zone service icmp;
-84;firewall-cmd.at:50;default zone;nftables cli/firewall-cmd.at:50 cli/firewall-cmd.at firewall-cmd.at:50 firewall-cmd.at firewall-cmd cli zone;
-85;firewall-cmd.at:62;user zone;nftables cli/firewall-cmd.at:62 cli/firewall-cmd.at firewall-cmd.at:62 firewall-cmd.at firewall-cmd cli zone;
-86;firewall-cmd.at:82;zone interfaces;nftables cli/firewall-cmd.at:82 cli/firewall-cmd.at firewall-cmd.at:82 firewall-cmd.at firewall-cmd cli zone;
-87;firewall-cmd.at:170;zone sources;nftables cli/firewall-cmd.at:170 cli/firewall-cmd.at firewall-cmd.at:170 firewall-cmd.at firewall-cmd cli zone;
-88;firewall-cmd.at:223;services;nftables cli/firewall-cmd.at:223 cli/firewall-cmd.at firewall-cmd.at:223 firewall-cmd.at firewall-cmd cli service;
-89;firewall-cmd.at:267;user services;nftables cli/firewall-cmd.at:267 cli/firewall-cmd.at firewall-cmd.at:267 firewall-cmd.at firewall-cmd cli service;
-90;firewall-cmd.at:349;ports;nftables cli/firewall-cmd.at:349 cli/firewall-cmd.at firewall-cmd.at:349 firewall-cmd.at firewall-cmd cli port;
-91;firewall-cmd.at:406;source ports;nftables cli/firewall-cmd.at:406 cli/firewall-cmd.at firewall-cmd.at:406 firewall-cmd.at firewall-cmd cli port;
-92;firewall-cmd.at:443;protocols;nftables cli/firewall-cmd.at:443 cli/firewall-cmd.at firewall-cmd.at:443 firewall-cmd.at firewall-cmd cli protocol;
-93;firewall-cmd.at:471;masquerade;nftables cli/firewall-cmd.at:471 cli/firewall-cmd.at firewall-cmd.at:471 firewall-cmd.at firewall-cmd cli masquerade nat;
-94;firewall-cmd.at:498;forward;nftables cli/firewall-cmd.at:498 cli/firewall-cmd.at firewall-cmd.at:498 firewall-cmd.at firewall-cmd cli forward gh586 gh613;
-95;firewall-cmd.at:686;forward ports;nftables cli/firewall-cmd.at:686 cli/firewall-cmd.at firewall-cmd.at:686 firewall-cmd.at firewall-cmd cli port forward_port;
-96;firewall-cmd.at:785;ICMP block;nftables cli/firewall-cmd.at:785 cli/firewall-cmd.at firewall-cmd.at:785 firewall-cmd.at firewall-cmd cli icmp;
-97;firewall-cmd.at:831;user ICMP types;nftables cli/firewall-cmd.at:831 cli/firewall-cmd.at firewall-cmd.at:831 firewall-cmd.at firewall-cmd cli icmp;
-98;firewall-cmd.at:854;ipset;nftables cli/firewall-cmd.at:854 cli/firewall-cmd.at firewall-cmd.at:854 firewall-cmd.at firewall-cmd cli ipset rhbz1685256;
-99;firewall-cmd.at:1063;user helpers;nftables cli/firewall-cmd.at:1063 cli/firewall-cmd.at firewall-cmd.at:1063 firewall-cmd.at firewall-cmd cli helper;
-100;firewall-cmd.at:1091;direct;nftables cli/firewall-cmd.at:1091 cli/firewall-cmd.at firewall-cmd.at:1091 firewall-cmd.at firewall-cmd cli direct;
-101;firewall-cmd.at:1165;direct nat;nftables cli/firewall-cmd.at:1165 cli/firewall-cmd.at firewall-cmd.at:1165 firewall-cmd.at firewall-cmd cli direct nat;
-102;firewall-cmd.at:1190;direct passthrough;nftables cli/firewall-cmd.at:1190 cli/firewall-cmd.at firewall-cmd.at:1190 firewall-cmd.at firewall-cmd cli direct passthrough;
-103;firewall-cmd.at:1228;direct ebtables;nftables cli/firewall-cmd.at:1228 cli/firewall-cmd.at firewall-cmd.at:1228 firewall-cmd.at firewall-cmd cli direct ebtables;
-104;firewall-cmd.at:1274;lockdown;nftables cli/firewall-cmd.at:1274 cli/firewall-cmd.at firewall-cmd.at:1274 firewall-cmd.at firewall-cmd cli lockdown;
-105;firewall-cmd.at:1369;rich rules good;nftables cli/firewall-cmd.at:1369 cli/firewall-cmd.at firewall-cmd.at:1369 firewall-cmd.at firewall-cmd cli rich;
-106;firewall-cmd.at:1403;rich rules audit;nftables cli/firewall-cmd.at:1403 cli/firewall-cmd.at firewall-cmd.at:1403 firewall-cmd.at firewall-cmd cli rich;
-107;firewall-cmd.at:1411;rich rules priority;nftables cli/firewall-cmd.at:1411 cli/firewall-cmd.at firewall-cmd.at:1411 firewall-cmd.at firewall-cmd cli rich;
-108;firewall-cmd.at:1966;rich rules bad;nftables cli/firewall-cmd.at:1966 cli/firewall-cmd.at firewall-cmd.at:1966 firewall-cmd.at firewall-cmd cli rich;
-109;firewall-cmd.at:2009;config validation;nftables cli/firewall-cmd.at:2009 cli/firewall-cmd.at firewall-cmd.at:2009 firewall-cmd.at firewall-cmd cli check_config;
-110;rhbz1514043.at:1;--set-log-denied does not zero config;nftables regression/rhbz1514043.at:1 regression/rhbz1514043.at rhbz1514043.at:1 rhbz1514043.at rhbz1514043 regression log_denied;
-111;rhbz1498923.at:1;invalid direct rule causes reload error;nftables regression/rhbz1498923.at:1 regression/rhbz1498923.at rhbz1498923.at:1 rhbz1498923.at rhbz1498923 regression direct reload;
-112;pr181.at:1;combined zones name length check;nftables regression/pr181.at:1 regression/pr181.at pr181.at:1 pr181.at pr181 regression zone gh181;
-113;gh287.at:1;ICMP block inversion;nftables regression/gh287.at:1 regression/gh287.at gh287.at:1 gh287.at gh287 regression icmp;
-114;individual_calls.at:1;individual calls;nftables regression/individual_calls.at:1 regression/individual_calls.at individual_calls.at:1 individual_calls.at individual_calls regression;
-115;rhbz1534571.at:3;rule deduplication;nftables regression/rhbz1534571.at:3 regression/rhbz1534571.at rhbz1534571.at:3 rhbz1534571.at rhbz1534571 regression;
-116;gh290.at:1;invalid syntax in xml files;nftables regression/gh290.at:1 regression/gh290.at gh290.at:1 gh290.at gh290 regression xml direct;
-117;gh290.at:19;invalid syntax in xml files;nftables regression/gh290.at:19 regression/gh290.at gh290.at:19 gh290.at gh290 regression xml zone;
-118;icmp_block_in_forward_chain.at:1;ICMP block not present FORWARD chain;nftables regression/icmp_block_in_forward_chain.at:1 regression/icmp_block_in_forward_chain.at icmp_block_in_forward_chain.at:1 icmp_block_in_forward_chain.at icmp_block_in_forward_chain regression icmp;
-119;pr323.at:1;GRE proto helper;nftables regression/pr323.at:1 regression/pr323.at pr323.at:1 pr323.at pr323 regression helper gh323;
-120;rhbz1506742.at:1;ipset with timeout;nftables regression/rhbz1506742.at:1 regression/rhbz1506742.at rhbz1506742.at:1 rhbz1506742.at rhbz1506742 regression ipset rhbz2055330 gh699 gh908;
-121;rhbz1594657.at:1;no log untracked passthrough queries;nftables regression/rhbz1594657.at:1 regression/rhbz1594657.at rhbz1594657.at:1 rhbz1594657.at rhbz1594657 regression direct passthrough;
-122;rhbz1571957.at:1;set-log-denied w/ ICMP block inversion;nftables regression/rhbz1571957.at:1 regression/rhbz1571957.at rhbz1571957.at:1 rhbz1571957.at rhbz1571957 regression log_denied icmp;
-123;rhbz1404076.at:1;query single port added with range;nftables regression/rhbz1404076.at:1 regression/rhbz1404076.at rhbz1404076.at:1 rhbz1404076.at rhbz1404076 regression port;
-124;gh366.at:1;service destination multiple IP versions;nftables regression/gh366.at:1 regression/gh366.at gh366.at:1 gh366.at gh366 regression service;
-125;rhbz1601610.at:1;ipset duplicate entries;nftables regression/rhbz1601610.at:1 regression/rhbz1601610.at rhbz1601610.at:1 rhbz1601610.at rhbz1601610 regression ipset;
-126;gh303.at:1;unicode in XML;nftables regression/gh303.at:1 regression/gh303.at gh303.at:1 gh303.at gh303 regression xml unicode service;
-127;gh335.at:1;forward-port toaddr enables IP forwarding;nftables regression/gh335.at:1 regression/gh335.at gh335.at:1 gh335.at gh335 regression port forward_port;
-128;gh482.at:1;remove forward-port after reload;nftables regression/gh482.at:1 regression/gh482.at gh482.at:1 gh482.at gh482 regression rhbz1637675 rich forward_port;
-129;gh478.at:1;rich rule marks every packet;nftables regression/gh478.at:1 regression/gh478.at gh478.at:1 gh478.at gh478 regression rich mark;
-130;gh453.at:1;nftables helper objects;nftables regression/gh453.at:1 regression/gh453.at gh453.at:1 gh453.at gh453 regression helper;
-131;gh258.at:1;zone dispatch layout;nftables regression/gh258.at:1 regression/gh258.at gh258.at:1 gh258.at gh258 regression zone gh441 rhbz1713823;
-132;rhbz1715977.at:1;rich rule src/dst with service destination;nftables regression/rhbz1715977.at:1 regression/rhbz1715977.at rhbz1715977.at:1 rhbz1715977.at rhbz1715977 regression rich service rhbz1729097 rhbz1791783;
-133;rhbz1723610.at:1;direct remove-rules per family;nftables regression/rhbz1723610.at:1 regression/rhbz1723610.at rhbz1723610.at:1 rhbz1723610.at rhbz1723610 regression direct gh385;
-134;rhbz1734765.at:1;zone sources ordered by name;nftables regression/rhbz1734765.at:1 regression/rhbz1734765.at rhbz1734765.at:1 rhbz1734765.at rhbz1734765 regression zone rhbz1421222 gh166 rhbz1738545;
-135;gh509.at:1;missing firewalld.conf file;nftables regression/gh509.at:1 regression/gh509.at gh509.at:1 gh509.at gh509 regression;
-136;gh567.at:1;rich rule source w/ mark action;nftables regression/gh567.at:1 regression/gh567.at gh567.at:1 gh567.at gh567 regression rich ipset;
-137;rhbz1779835.at:1;ipv6 address with brackets;nftables regression/rhbz1779835.at:1 regression/rhbz1779835.at rhbz1779835.at:1 rhbz1779835.at rhbz1779835 regression ipset;
-138;rhbz1779835.at:16;ipv6 address with brackets;nftables regression/rhbz1779835.at:16 regression/rhbz1779835.at rhbz1779835.at:16 rhbz1779835.at rhbz1779835 regression zone forward_port rich;
-139;gh330.at:1;ipset cleanup on reload/stop;nftables regression/gh330.at:1 regression/gh330.at gh330.at:1 gh330.at gh330 regression ipset reload rhbz1682913 rhbz1790948 rhbz1809225;
-140;gh599.at:1;writing to log after copytruncate;nftables regression/gh599.at:1 regression/gh599.at gh599.at:1 gh599.at gh599 regression;
-141;rhbz1843398.at:1;rich rule source mac;nftables regression/rhbz1843398.at:1 regression/rhbz1843398.at rhbz1843398.at:1 rhbz1843398.at rhbz1843398 regression rich gh643;
-142;rhbz1839781.at:1;service RH-Satellite-6;nftables regression/rhbz1839781.at:1 regression/rhbz1839781.at rhbz1839781.at:1 rhbz1839781.at rhbz1839781 regression service;
-143;rhbz1689429.at:1;rich rule invalid priority;nftables regression/rhbz1689429.at:1 regression/rhbz1689429.at rhbz1689429.at:1 rhbz1689429.at rhbz1689429 regression rich;
-144;rhbz1483921.at:1;direct and zone mutually exclusive;nftables regression/rhbz1483921.at:1 regression/rhbz1483921.at rhbz1483921.at:1 rhbz1483921.at rhbz1483921 regression direct;
-145;rhbz1541077.at:1;hash:mac and family mutually exclusive;nftables regression/rhbz1541077.at:1 regression/rhbz1541077.at rhbz1541077.at:1 rhbz1541077.at rhbz1541077 regression ipset;
-146;rhbz1855140.at:1;rich rule icmptypes with one family;nftables regression/rhbz1855140.at:1 regression/rhbz1855140.at rhbz1855140.at:1 rhbz1855140.at rhbz1855140 regression rich icmp;
-147;rhbz1871298.at:1;rich rule parsing bottleneck;nftables regression/rhbz1871298.at:1 regression/rhbz1871298.at rhbz1871298.at:1 rhbz1871298.at rhbz1871298 regression rich offline;
-148;rhbz1596304.at:1;rich rules strip non-printable characters;nftables regression/rhbz1596304.at:1 regression/rhbz1596304.at rhbz1596304.at:1 rhbz1596304.at rhbz1596304 regression rich;
-149;gh703.at:1;add source with mac address;nftables regression/gh703.at:1 regression/gh703.at gh703.at:1 gh703.at gh703 regression;
-150;ipset_netmask_allowed.at:1;ipset netmask allowed type hash:ip;nftables regression/ipset_netmask_allowed.at:1 regression/ipset_netmask_allowed.at ipset_netmask_allowed.at:1 ipset_netmask_allowed.at ipset_netmask_allowed regression ipset reload;
-151;rhbz1940928.at:1;direct -s/-d multiple addresses;nftables regression/rhbz1940928.at:1 regression/rhbz1940928.at rhbz1940928.at:1 rhbz1940928.at rhbz1940928 regression direct rhbz1949552;
-152;rhbz1936896.at:1;ipset type hash:net,net;nftables regression/rhbz1936896.at:1 regression/rhbz1936896.at rhbz1936896.at:1 rhbz1936896.at rhbz1936896 regression;
-153;gh795.at:1;ipset entry delete w/ timeout=0;nftables regression/gh795.at:1 regression/gh795.at gh795.at:1 gh795.at gh795 regression ipset gh794;
-154;rhbz1914935.at:1;zone overlapping ports;nftables regression/rhbz1914935.at:1 regression/rhbz1914935.at rhbz1914935.at:1 rhbz1914935.at rhbz1914935 regression zone port;
-155;gh696.at:1;icmp-block-inversion no log blocked;nftables regression/gh696.at:1 regression/gh696.at gh696.at:1 gh696.at gh696 regression icmp rhbz1945833;
-156;rhbz1917766.at:1;rich rule source with netmask;nftables regression/rhbz1917766.at:1 regression/rhbz1917766.at rhbz1917766.at:1 rhbz1917766.at rhbz1917766 regression rich;
-157;rhbz2014383.at:1;same source in two zone xml;nftables regression/rhbz2014383.at:1 regression/rhbz2014383.at rhbz2014383.at:1 rhbz2014383.at rhbz2014383 regression zone;
-158;gh874.at:1;policy masquerade w/ ingress interface;nftables regression/gh874.at:1 regression/gh874.at gh874.at:1 gh874.at gh874 regression policy zone masquerade gh926;
-159;gh881.at:1;ipset entry overlap detect perf;nftables regression/gh881.at:1 regression/gh881.at gh881.at:1 gh881.at gh881 regression ipset;
-160;service_includes_for_builtin.at:1;service include for built-in;nftables regression/service_includes_for_builtin.at:1 regression/service_includes_for_builtin.at service_includes_for_builtin.at:1 service_includes_for_builtin.at service_includes_for_builtin regression dbus service service_includes_for_built-in;
-161;gh940.at:1;log prefix;nftables regression/gh940.at:1 regression/gh940.at gh940.at:1 gh940.at gh940 regression policy;
-162;build_policy_split_wildcard.at:1;build policy split wildcards;nftables regression/build_policy_split_wildcard.at:1 regression/build_policy_split_wildcard.at build_policy_split_wildcard.at:1 build_policy_split_wildcard.at build_policy_split_wildcard regression gh892 policy;
-163;gh1011.at:1;remove entries results in empty;nftables regression/gh1011.at:1 regression/gh1011.at gh1011.at:1 gh1011.at gh1011 regression ipset rhbz2121985;
-164;rhbz2181406.at:1;rich rule limit;nftables regression/rhbz2181406.at:1 regression/rhbz2181406.at rhbz2181406.at:1 rhbz2181406.at rhbz2181406 regression rich;
-165;ipset_scale.at:1;ipset scale;nftables regression/ipset_scale.at:1 regression/ipset_scale.at ipset_scale.at:1 ipset_scale.at ipset_scale regression ipset gh738;
-166;gh1129.at:1;switch backend to iptables and reload;nftables regression/gh1129.at:1 regression/gh1129.at gh1129.at:1 gh1129.at gh1129 regression;
-167;gh1146.at:1;policy with mixed family zone source;nftables regression/gh1146.at:1 regression/gh1146.at gh1146.at:1 gh1146.at gh1146 regression policy;
-168;gh1152.at:1;list-all identical content;nftables regression/gh1152.at:1 regression/gh1152.at gh1152.at:1 gh1152.at gh1152 regression cli;
-169;rhbz2222044.at:1;duplicate rules after restart;nftables regression/rhbz2222044.at:1 regression/rhbz2222044.at rhbz2222044.at:1 rhbz2222044.at rhbz2222044 regression;
-170;gh1229.at:1;policy dispatch with egress-zone=ANY;nftables regression/gh1229.at:1 regression/gh1229.at gh1229.at:1 gh1229.at gh1229 regression policy gh1234;
-171;gh1278.at:1;policy dispatch update if active;nftables regression/gh1278.at:1 regression/gh1278.at gh1278.at:1 gh1278.at gh1278 regression source policy;
-172;gh1406.at:1;ipset iface;nftables regression/gh1406.at:1 regression/gh1406.at gh1406.at:1 gh1406.at gh1406 regression ipset;
-173;python.at:3;firewalld_misc.py;nftables python/python.at:3 python/python.at python.at:3 python.at python;
-174;python.at:8;firewalld_config.py;nftables python/python.at:8 python/python.at python.at:8 python.at python;
-175;python.at:13;firewalld_rich.py;nftables python/python.at:13 python/python.at python.at:13 python.at python;
-176;python.at:18;firewalld_direct.py;nftables python/python.at:18 python/python.at python.at:18 python.at python;
-177;rfc3964_ipv4.at:1;RFC3964_IPv4;nftables features/rfc3964_ipv4.at:1 features/rfc3964_ipv4.at rfc3964_ipv4.at:1 rfc3964_ipv4.at rfc3964_ipv4 features;
-178;service_include.at:1;service include;nftables features/service_include.at:1 features/service_include.at service_include.at:1 service_include.at service_include features service xml gh273 rhbz1720300 gh707 gh1075;
-179;helpers_custom.at:1;customer helpers;nftables features/helpers_custom.at:1 features/helpers_custom.at helpers_custom.at:1 helpers_custom.at helpers_custom features helpers rhbz1733066 gh514 rhbz1769520;
-180;policy.at:5;policy - xml;nftables features/policy.at:5 features/policy.at policy.at:5 policy.at policy features xml;
-181;policy.at:79;policy - create;nftables features/policy.at:79 features/policy.at policy.at:79 policy.at policy features;
-182;policy.at:96;policy - name;nftables features/policy.at:96 features/policy.at policy.at:96 policy.at policy features;
-183;policy.at:109;policy - list;nftables features/policy.at:109 features/policy.at policy.at:109 policy.at policy features;
-184;policy.at:231;policy - options;nftables features/policy.at:231 features/policy.at policy.at:231 policy.at policy features;
-185;policy.at:286;policy - priority;nftables features/policy.at:286 features/policy.at policy.at:286 policy.at policy features;
-186;policy.at:470;policy - zones;nftables features/policy.at:470 features/policy.at policy.at:470 policy.at policy features;
-187;policy.at:822;policy - dispatch;nftables features/policy.at:822 features/policy.at policy.at:822 policy.at policy features;
-188;policy.at:5352;policy - interfaces/sources;nftables features/policy.at:5352 features/policy.at policy.at:5352 policy.at policy features;
-189;policy.at:6073;policy - target;nftables features/policy.at:6073 features/policy.at policy.at:6073 policy.at policy features;
-190;policy.at:6122;policy - from file;nftables features/policy.at:6122 features/policy.at policy.at:6122 policy.at policy features;
-191;policy.at:6139;policy - zone drifting not allowed;nftables features/policy.at:6139 features/policy.at policy.at:6139 policy.at policy features gh797;
-192;policy.at:6301;policy - multiple using same zone source;nftables features/policy.at:6301 features/policy.at policy.at:6301 policy.at policy features source;
-193;services.at:1;services;nftables features/services.at:1 features/services.at services.at:1 services.at services features policy service;
-194;ports.at:1;ports;nftables features/ports.at:1 features/ports.at ports.at:1 ports.at ports features policy port;
-195;source_ports.at:1;source ports;nftables features/source_ports.at:1 features/source_ports.at source_ports.at:1 source_ports.at source_ports features policy source_port;
-196;forward_ports.at:1;forward ports;nftables features/forward_ports.at:1 features/forward_ports.at forward_ports.at:1 forward_ports.at forward_ports features policy forward_port;
-197;forward_ports.at:207;forward ports (OUTPUT);nftables features/forward_ports.at:207 features/forward_ports.at forward_ports.at:207 forward_ports.at forward_ports features policy forward_port rhbz2039542;
-198;forward_ports.at:287;forward ports - logging and limiting;nftables features/forward_ports.at:287 features/forward_ports.at forward_ports.at:287 forward_ports.at forward_ports features forward_port rich logging limit;
-199;masquerade.at:1;masquerade;nftables features/masquerade.at:1 features/masquerade.at masquerade.at:1 masquerade.at masquerade features policy gh926;
-200;protocols.at:1;protocols;nftables features/protocols.at:1 features/protocols.at protocols.at:1 protocols.at protocols features policy protocol;
-201;rich_rules.at:1;rich rules;nftables features/rich_rules.at:1 features/rich_rules.at rich_rules.at:1 rich_rules.at rich_rules features policy rich;
-202;icmp_blocks.at:1;ICMP blocks;nftables features/icmp_blocks.at:1 features/icmp_blocks.at icmp_blocks.at:1 icmp_blocks.at icmp_blocks features policy icmp_block;
-203;rich_tcp_mss_clamp.at:5;tcp-mss-clamp;nftables features/rich_tcp_mss_clamp.at:5 features/rich_tcp_mss_clamp.at rich_tcp_mss_clamp.at:5 rich_tcp_mss_clamp.at rich_tcp_mss_clamp features tcp-mss-clamp gh1121;
-204;rich_destination_ipset.at:1;rich destination ipset;nftables features/rich_destination_ipset.at:1 features/rich_destination_ipset.at rich_destination_ipset.at:1 rich_destination_ipset.at rich_destination_ipset features rich ipset;
-205;zone.at:1;zone - target;nftables features/zone.at:1 features/zone.at zone.at:1 zone.at zone features;
-206;rpfilter.at:1;rpfilter - strict;nftables features/rpfilter.at:1 features/rpfilter.at rpfilter.at:1 rpfilter.at rpfilter features;
-207;rpfilter.at:27;rpfilter - loose;nftables features/rpfilter.at:27 features/rpfilter.at rpfilter.at:27 rpfilter.at rpfilter features;
-208;rpfilter.at:53;rpfilter - strict-forward;nftables features/rpfilter.at:53 features/rpfilter.at rpfilter.at:53 rpfilter.at rpfilter features;
-209;rpfilter.at:89;rpfilter - loose-forward;nftables features/rpfilter.at:89 features/rpfilter.at rpfilter.at:89 rpfilter.at rpfilter features;
-210;rpfilter.at:125;rpfilter - config values;nftables features/rpfilter.at:125 features/rpfilter.at rpfilter.at:125 rpfilter.at rpfilter features;
-211;zone_combine.at:1;zone - combine;nftables features/zone_combine.at:1 features/zone_combine.at zone_combine.at:1 zone_combine.at zone_combine features zone;
-212;startup_failsafe.at:1;startup failsafe - invalid xml;nftables features/startup_failsafe.at:1 features/startup_failsafe.at startup_failsafe.at:1 startup_failsafe.at startup_failsafe features failsafe;
-213;startup_failsafe.at:1;startup failsafe - bad zone;nftables features/startup_failsafe.at:1 features/startup_failsafe.at startup_failsafe.at:1 startup_failsafe.at startup_failsafe features failsafe;
-214;startup_failsafe.at:1;startup failsafe - bad policy;nftables features/startup_failsafe.at:1 features/startup_failsafe.at startup_failsafe.at:1 startup_failsafe.at startup_failsafe features failsafe;
-215;startup_failsafe.at:1;startup failsafe - non-existent service;nftables features/startup_failsafe.at:1 features/startup_failsafe.at startup_failsafe.at:1 startup_failsafe.at startup_failsafe features failsafe;
-216;startup_failsafe.at:1;startup failsafe - non-existent icmptype;nftables features/startup_failsafe.at:1 features/startup_failsafe.at startup_failsafe.at:1 startup_failsafe.at startup_failsafe features failsafe;
-217;startup_failsafe.at:1;startup failsafe - bad direct;nftables features/startup_failsafe.at:1 features/startup_failsafe.at startup_failsafe.at:1 startup_failsafe.at startup_failsafe features failsafe;
-218;startup_failsafe.at:1;startup failsafe - broken stock config;nftables features/startup_failsafe.at:1 features/startup_failsafe.at startup_failsafe.at:1 startup_failsafe.at startup_failsafe features;
-219;ipset_defer_native_ipset_creation.at:1;ipset defer native creation;nftables features/ipset_defer_native_ipset_creation.at:1 features/ipset_defer_native_ipset_creation.at ipset_defer_native_ipset_creation.at:1 ipset_defer_native_ipset_creation.at ipset_defer_native_ipset_creation features ipset direct rhbz2122678;
-220;reset_defaults.at:1;reset defaults;nftables features/reset_defaults.at:1 features/reset_defaults.at reset_defaults.at:1 reset_defaults.at reset_defaults features reset;
-221;iptables_no_flush_on_shutdown.at:1;avoid iptables flush if using nftables;nftables features/iptables_no_flush_on_shutdown.at:1 features/iptables_no_flush_on_shutdown.at iptables_no_flush_on_shutdown.at:1 iptables_no_flush_on_shutdown.at iptables_no_flush_on_shutdown features direct gh863;
-222;zone_priority.at:1;zone - priority;nftables features/zone_priority.at:1 features/zone_priority.at zone_priority.at:1 zone_priority.at zone_priority features zone;
-223;nftables_flowtable.at:1;nftables flowtable;nftables features/nftables_flowtable.at:1 features/nftables_flowtable.at nftables_flowtable.at:1 nftables_flowtable.at nftables_flowtable features flowtable;
-224;nftables_counters.at:1;nftables counters;nftables features/nftables_counters.at:1 features/nftables_counters.at nftables_counters.at:1 nftables_counters.at nftables_counters features counters;
-225;reloadpolicy.at:1;check ReloadPolicy;nftables features/reloadpolicy.at:1 features/reloadpolicy.at reloadpolicy.at:1 reloadpolicy.at reloadpolicy features rhbz2149039;
-226;nftables_table_owner.at:1;nftables table owner;nftables features/nftables_table_owner.at:1 features/nftables_table_owner.at nftables_table_owner.at:1 nftables_table_owner.at nftables_table_owner features rhel-17002;
-227;strict_forward_ports.at:1;strict forward ports;nftables features/strict_forward_ports.at:1 features/strict_forward_ports.at strict_forward_ports.at:1 strict_forward_ports.at strict_forward_ports features forward_port gh869 gh1380;
-228;firewall-cmd.at:5;basic options;iptables cli/firewall-cmd.at:5 cli/firewall-cmd.at firewall-cmd.at:5 firewall-cmd.at firewall-cmd cli panic reload gh808;
-229;firewall-cmd.at:34;get/list options;iptables cli/firewall-cmd.at:34 cli/firewall-cmd.at firewall-cmd.at:34 firewall-cmd.at firewall-cmd cli zone service icmp;
-230;firewall-cmd.at:50;default zone;iptables cli/firewall-cmd.at:50 cli/firewall-cmd.at firewall-cmd.at:50 firewall-cmd.at firewall-cmd cli zone;
-231;firewall-cmd.at:62;user zone;iptables cli/firewall-cmd.at:62 cli/firewall-cmd.at firewall-cmd.at:62 firewall-cmd.at firewall-cmd cli zone;
-232;firewall-cmd.at:82;zone interfaces;iptables cli/firewall-cmd.at:82 cli/firewall-cmd.at firewall-cmd.at:82 firewall-cmd.at firewall-cmd cli zone;
-233;firewall-cmd.at:170;zone sources;iptables cli/firewall-cmd.at:170 cli/firewall-cmd.at firewall-cmd.at:170 firewall-cmd.at firewall-cmd cli zone;
-234;firewall-cmd.at:223;services;iptables cli/firewall-cmd.at:223 cli/firewall-cmd.at firewall-cmd.at:223 firewall-cmd.at firewall-cmd cli service;
-235;firewall-cmd.at:267;user services;iptables cli/firewall-cmd.at:267 cli/firewall-cmd.at firewall-cmd.at:267 firewall-cmd.at firewall-cmd cli service;
-236;firewall-cmd.at:349;ports;iptables cli/firewall-cmd.at:349 cli/firewall-cmd.at firewall-cmd.at:349 firewall-cmd.at firewall-cmd cli port;
-237;firewall-cmd.at:406;source ports;iptables cli/firewall-cmd.at:406 cli/firewall-cmd.at firewall-cmd.at:406 firewall-cmd.at firewall-cmd cli port;
-238;firewall-cmd.at:443;protocols;iptables cli/firewall-cmd.at:443 cli/firewall-cmd.at firewall-cmd.at:443 firewall-cmd.at firewall-cmd cli protocol;
-239;firewall-cmd.at:471;masquerade;iptables cli/firewall-cmd.at:471 cli/firewall-cmd.at firewall-cmd.at:471 firewall-cmd.at firewall-cmd cli masquerade nat;
-240;firewall-cmd.at:498;forward;iptables cli/firewall-cmd.at:498 cli/firewall-cmd.at firewall-cmd.at:498 firewall-cmd.at firewall-cmd cli forward gh586 gh613;
-241;firewall-cmd.at:686;forward ports;iptables cli/firewall-cmd.at:686 cli/firewall-cmd.at firewall-cmd.at:686 firewall-cmd.at firewall-cmd cli port forward_port;
-242;firewall-cmd.at:785;ICMP block;iptables cli/firewall-cmd.at:785 cli/firewall-cmd.at firewall-cmd.at:785 firewall-cmd.at firewall-cmd cli icmp;
-243;firewall-cmd.at:831;user ICMP types;iptables cli/firewall-cmd.at:831 cli/firewall-cmd.at firewall-cmd.at:831 firewall-cmd.at firewall-cmd cli icmp;
-244;firewall-cmd.at:854;ipset;iptables cli/firewall-cmd.at:854 cli/firewall-cmd.at firewall-cmd.at:854 firewall-cmd.at firewall-cmd cli ipset rhbz1685256;
-245;firewall-cmd.at:1063;user helpers;iptables cli/firewall-cmd.at:1063 cli/firewall-cmd.at firewall-cmd.at:1063 firewall-cmd.at firewall-cmd cli helper;
-246;firewall-cmd.at:1091;direct;iptables cli/firewall-cmd.at:1091 cli/firewall-cmd.at firewall-cmd.at:1091 firewall-cmd.at firewall-cmd cli direct;
-247;firewall-cmd.at:1165;direct nat;iptables cli/firewall-cmd.at:1165 cli/firewall-cmd.at firewall-cmd.at:1165 firewall-cmd.at firewall-cmd cli direct nat;
-248;firewall-cmd.at:1190;direct passthrough;iptables cli/firewall-cmd.at:1190 cli/firewall-cmd.at firewall-cmd.at:1190 firewall-cmd.at firewall-cmd cli direct passthrough;
-249;firewall-cmd.at:1228;direct ebtables;iptables cli/firewall-cmd.at:1228 cli/firewall-cmd.at firewall-cmd.at:1228 firewall-cmd.at firewall-cmd cli direct ebtables;
-250;firewall-cmd.at:1274;lockdown;iptables cli/firewall-cmd.at:1274 cli/firewall-cmd.at firewall-cmd.at:1274 firewall-cmd.at firewall-cmd cli lockdown;
-251;firewall-cmd.at:1369;rich rules good;iptables cli/firewall-cmd.at:1369 cli/firewall-cmd.at firewall-cmd.at:1369 firewall-cmd.at firewall-cmd cli rich;
-252;firewall-cmd.at:1403;rich rules audit;iptables cli/firewall-cmd.at:1403 cli/firewall-cmd.at firewall-cmd.at:1403 firewall-cmd.at firewall-cmd cli rich;
-253;firewall-cmd.at:1411;rich rules priority;iptables cli/firewall-cmd.at:1411 cli/firewall-cmd.at firewall-cmd.at:1411 firewall-cmd.at firewall-cmd cli rich;
-254;firewall-cmd.at:1966;rich rules bad;iptables cli/firewall-cmd.at:1966 cli/firewall-cmd.at firewall-cmd.at:1966 firewall-cmd.at firewall-cmd cli rich;
-255;firewall-cmd.at:2009;config validation;iptables cli/firewall-cmd.at:2009 cli/firewall-cmd.at firewall-cmd.at:2009 firewall-cmd.at firewall-cmd cli check_config;
-256;rhbz1514043.at:1;--set-log-denied does not zero config;iptables regression/rhbz1514043.at:1 regression/rhbz1514043.at rhbz1514043.at:1 rhbz1514043.at rhbz1514043 regression log_denied;
-257;rhbz1498923.at:1;invalid direct rule causes reload error;iptables regression/rhbz1498923.at:1 regression/rhbz1498923.at rhbz1498923.at:1 rhbz1498923.at rhbz1498923 regression direct reload;
-258;pr181.at:1;combined zones name length check;iptables regression/pr181.at:1 regression/pr181.at pr181.at:1 pr181.at pr181 regression zone gh181;
-259;gh287.at:1;ICMP block inversion;iptables regression/gh287.at:1 regression/gh287.at gh287.at:1 gh287.at gh287 regression icmp;
-260;individual_calls.at:1;individual calls;iptables regression/individual_calls.at:1 regression/individual_calls.at individual_calls.at:1 individual_calls.at individual_calls regression;
-261;rhbz1534571.at:3;rule deduplication;iptables regression/rhbz1534571.at:3 regression/rhbz1534571.at rhbz1534571.at:3 rhbz1534571.at rhbz1534571 regression;
-262;gh290.at:1;invalid syntax in xml files;iptables regression/gh290.at:1 regression/gh290.at gh290.at:1 gh290.at gh290 regression xml direct;
-263;gh290.at:19;invalid syntax in xml files;iptables regression/gh290.at:19 regression/gh290.at gh290.at:19 gh290.at gh290 regression xml zone;
-264;icmp_block_in_forward_chain.at:1;ICMP block not present FORWARD chain;iptables regression/icmp_block_in_forward_chain.at:1 regression/icmp_block_in_forward_chain.at icmp_block_in_forward_chain.at:1 icmp_block_in_forward_chain.at icmp_block_in_forward_chain regression icmp;
-265;pr323.at:1;GRE proto helper;iptables regression/pr323.at:1 regression/pr323.at pr323.at:1 pr323.at pr323 regression helper gh323;
-266;rhbz1506742.at:1;ipset with timeout;iptables regression/rhbz1506742.at:1 regression/rhbz1506742.at rhbz1506742.at:1 rhbz1506742.at rhbz1506742 regression ipset rhbz2055330 gh699 gh908;
-267;rhbz1594657.at:1;no log untracked passthrough queries;iptables regression/rhbz1594657.at:1 regression/rhbz1594657.at rhbz1594657.at:1 rhbz1594657.at rhbz1594657 regression direct passthrough;
-268;rhbz1571957.at:1;set-log-denied w/ ICMP block inversion;iptables regression/rhbz1571957.at:1 regression/rhbz1571957.at rhbz1571957.at:1 rhbz1571957.at rhbz1571957 regression log_denied icmp;
-269;rhbz1404076.at:1;query single port added with range;iptables regression/rhbz1404076.at:1 regression/rhbz1404076.at rhbz1404076.at:1 rhbz1404076.at rhbz1404076 regression port;
-270;gh366.at:1;service destination multiple IP versions;iptables regression/gh366.at:1 regression/gh366.at gh366.at:1 gh366.at gh366 regression service;
-271;rhbz1601610.at:1;ipset duplicate entries;iptables regression/rhbz1601610.at:1 regression/rhbz1601610.at rhbz1601610.at:1 rhbz1601610.at rhbz1601610 regression ipset;
-272;gh303.at:1;unicode in XML;iptables regression/gh303.at:1 regression/gh303.at gh303.at:1 gh303.at gh303 regression xml unicode service;
-273;gh335.at:1;forward-port toaddr enables IP forwarding;iptables regression/gh335.at:1 regression/gh335.at gh335.at:1 gh335.at gh335 regression port forward_port;
-274;gh482.at:1;remove forward-port after reload;iptables regression/gh482.at:1 regression/gh482.at gh482.at:1 gh482.at gh482 regression rhbz1637675 rich forward_port;
-275;gh478.at:1;rich rule marks every packet;iptables regression/gh478.at:1 regression/gh478.at gh478.at:1 gh478.at gh478 regression rich mark;
-276;gh258.at:1;zone dispatch layout;iptables regression/gh258.at:1 regression/gh258.at gh258.at:1 gh258.at gh258 regression zone gh441 rhbz1713823;
-277;rhbz1715977.at:1;rich rule src/dst with service destination;iptables regression/rhbz1715977.at:1 regression/rhbz1715977.at rhbz1715977.at:1 rhbz1715977.at rhbz1715977 regression rich service rhbz1729097 rhbz1791783;
-278;rhbz1723610.at:1;direct remove-rules per family;iptables regression/rhbz1723610.at:1 regression/rhbz1723610.at rhbz1723610.at:1 rhbz1723610.at rhbz1723610 regression direct gh385;
-279;rhbz1734765.at:1;zone sources ordered by name;iptables regression/rhbz1734765.at:1 regression/rhbz1734765.at rhbz1734765.at:1 rhbz1734765.at rhbz1734765 regression zone rhbz1421222 gh166 rhbz1738545;
-280;gh567.at:1;rich rule source w/ mark action;iptables regression/gh567.at:1 regression/gh567.at gh567.at:1 gh567.at gh567 regression rich ipset;
-281;rhbz1779835.at:1;ipv6 address with brackets;iptables regression/rhbz1779835.at:1 regression/rhbz1779835.at rhbz1779835.at:1 rhbz1779835.at rhbz1779835 regression ipset;
-282;rhbz1779835.at:16;ipv6 address with brackets;iptables regression/rhbz1779835.at:16 regression/rhbz1779835.at rhbz1779835.at:16 rhbz1779835.at rhbz1779835 regression zone forward_port rich;
-283;gh330.at:1;ipset cleanup on reload/stop;iptables regression/gh330.at:1 regression/gh330.at gh330.at:1 gh330.at gh330 regression ipset reload rhbz1682913 rhbz1790948 rhbz1809225;
-284;gh599.at:1;writing to log after copytruncate;iptables regression/gh599.at:1 regression/gh599.at gh599.at:1 gh599.at gh599 regression;
-285;rhbz1829104.at:1;direct rule in zone chain;iptables regression/rhbz1829104.at:1 regression/rhbz1829104.at rhbz1829104.at:1 rhbz1829104.at rhbz1829104 regression direct;
-286;rhbz1843398.at:1;rich rule source mac;iptables regression/rhbz1843398.at:1 regression/rhbz1843398.at rhbz1843398.at:1 rhbz1843398.at rhbz1843398 regression rich gh643;
-287;rhbz1839781.at:1;service RH-Satellite-6;iptables regression/rhbz1839781.at:1 regression/rhbz1839781.at rhbz1839781.at:1 rhbz1839781.at rhbz1839781 regression service;
-288;rhbz1689429.at:1;rich rule invalid priority;iptables regression/rhbz1689429.at:1 regression/rhbz1689429.at rhbz1689429.at:1 rhbz1689429.at rhbz1689429 regression rich;
-289;rhbz1483921.at:1;direct and zone mutually exclusive;iptables regression/rhbz1483921.at:1 regression/rhbz1483921.at rhbz1483921.at:1 rhbz1483921.at rhbz1483921 regression direct;
-290;rhbz1541077.at:1;hash:mac and family mutually exclusive;iptables regression/rhbz1541077.at:1 regression/rhbz1541077.at rhbz1541077.at:1 rhbz1541077.at rhbz1541077 regression ipset;
-291;rhbz1855140.at:1;rich rule icmptypes with one family;iptables regression/rhbz1855140.at:1 regression/rhbz1855140.at rhbz1855140.at:1 rhbz1855140.at rhbz1855140 regression rich icmp;
-292;rhbz1871298.at:1;rich rule parsing bottleneck;iptables regression/rhbz1871298.at:1 regression/rhbz1871298.at rhbz1871298.at:1 rhbz1871298.at rhbz1871298 regression rich offline;
-293;rhbz1596304.at:1;rich rules strip non-printable characters;iptables regression/rhbz1596304.at:1 regression/rhbz1596304.at rhbz1596304.at:1 rhbz1596304.at rhbz1596304 regression rich;
-294;gh703.at:1;add source with mac address;iptables regression/gh703.at:1 regression/gh703.at gh703.at:1 gh703.at gh703 regression;
-295;ipset_netmask_allowed.at:1;ipset netmask allowed type hash:ip;iptables regression/ipset_netmask_allowed.at:1 regression/ipset_netmask_allowed.at ipset_netmask_allowed.at:1 ipset_netmask_allowed.at ipset_netmask_allowed regression ipset reload;
-296;rhbz1940928.at:1;direct -s/-d multiple addresses;iptables regression/rhbz1940928.at:1 regression/rhbz1940928.at rhbz1940928.at:1 rhbz1940928.at rhbz1940928 regression direct rhbz1949552;
-297;rhbz1936896.at:1;ipset type hash:net,net;iptables regression/rhbz1936896.at:1 regression/rhbz1936896.at rhbz1936896.at:1 rhbz1936896.at rhbz1936896 regression;
-298;gh795.at:1;ipset entry delete w/ timeout=0;iptables regression/gh795.at:1 regression/gh795.at gh795.at:1 gh795.at gh795 regression ipset gh794;
-299;rhbz1914935.at:1;zone overlapping ports;iptables regression/rhbz1914935.at:1 regression/rhbz1914935.at rhbz1914935.at:1 rhbz1914935.at rhbz1914935 regression zone port;
-300;gh696.at:1;icmp-block-inversion no log blocked;iptables regression/gh696.at:1 regression/gh696.at gh696.at:1 gh696.at gh696 regression icmp rhbz1945833;
-301;rhbz1917766.at:1;rich rule source with netmask;iptables regression/rhbz1917766.at:1 regression/rhbz1917766.at rhbz1917766.at:1 rhbz1917766.at rhbz1917766 regression rich;
-302;rhbz2014383.at:1;same source in two zone xml;iptables regression/rhbz2014383.at:1 regression/rhbz2014383.at rhbz2014383.at:1 rhbz2014383.at rhbz2014383 regression zone;
-303;gh874.at:1;policy masquerade w/ ingress interface;iptables regression/gh874.at:1 regression/gh874.at gh874.at:1 gh874.at gh874 regression policy zone masquerade gh926;
-304;gh881.at:1;ipset entry overlap detect perf;iptables regression/gh881.at:1 regression/gh881.at gh881.at:1 gh881.at gh881 regression ipset;
-305;service_includes_for_builtin.at:1;service include for built-in;iptables regression/service_includes_for_builtin.at:1 regression/service_includes_for_builtin.at service_includes_for_builtin.at:1 service_includes_for_builtin.at service_includes_for_builtin regression dbus service service_includes_for_built-in;
-306;gh940.at:1;log prefix;iptables regression/gh940.at:1 regression/gh940.at gh940.at:1 gh940.at gh940 regression policy;
-307;build_policy_split_wildcard.at:1;build policy split wildcards;iptables regression/build_policy_split_wildcard.at:1 regression/build_policy_split_wildcard.at build_policy_split_wildcard.at:1 build_policy_split_wildcard.at build_policy_split_wildcard regression gh892 policy;
-308;gh1011.at:1;remove entries results in empty;iptables regression/gh1011.at:1 regression/gh1011.at gh1011.at:1 gh1011.at gh1011 regression ipset rhbz2121985;
-309;rhbz2181406.at:1;rich rule limit;iptables regression/rhbz2181406.at:1 regression/rhbz2181406.at rhbz2181406.at:1 rhbz2181406.at rhbz2181406 regression rich;
-310;ipset_scale.at:1;ipset scale;iptables regression/ipset_scale.at:1 regression/ipset_scale.at ipset_scale.at:1 ipset_scale.at ipset_scale regression ipset gh738;
-311;gh1129.at:16;switch backend to nftables and reload;iptables regression/gh1129.at:16 regression/gh1129.at gh1129.at:16 gh1129.at gh1129 regression;
-312;gh1146.at:1;policy with mixed family zone source;iptables regression/gh1146.at:1 regression/gh1146.at gh1146.at:1 gh1146.at gh1146 regression policy;
-313;gh1152.at:1;list-all identical content;iptables regression/gh1152.at:1 regression/gh1152.at gh1152.at:1 gh1152.at gh1152 regression cli;
-314;rhbz2222044.at:1;duplicate rules after restart;iptables regression/rhbz2222044.at:1 regression/rhbz2222044.at rhbz2222044.at:1 rhbz2222044.at rhbz2222044 regression;
-315;gh1229.at:1;policy dispatch with egress-zone=ANY;iptables regression/gh1229.at:1 regression/gh1229.at gh1229.at:1 gh1229.at gh1229 regression policy gh1234;
-316;gh1278.at:1;policy dispatch update if active;iptables regression/gh1278.at:1 regression/gh1278.at gh1278.at:1 gh1278.at gh1278 regression source policy;
-317;gh1406.at:1;ipset iface;iptables regression/gh1406.at:1 regression/gh1406.at gh1406.at:1 gh1406.at gh1406 regression ipset;
-318;python.at:3;firewalld_misc.py;iptables python/python.at:3 python/python.at python.at:3 python.at python;
-319;python.at:8;firewalld_config.py;iptables python/python.at:8 python/python.at python.at:8 python.at python;
-320;python.at:13;firewalld_rich.py;iptables python/python.at:13 python/python.at python.at:13 python.at python;
-321;python.at:18;firewalld_direct.py;iptables python/python.at:18 python/python.at python.at:18 python.at python;
-322;rfc3964_ipv4.at:1;RFC3964_IPv4;iptables features/rfc3964_ipv4.at:1 features/rfc3964_ipv4.at rfc3964_ipv4.at:1 rfc3964_ipv4.at rfc3964_ipv4 features;
-323;service_include.at:1;service include;iptables features/service_include.at:1 features/service_include.at service_include.at:1 service_include.at service_include features service xml gh273 rhbz1720300 gh707 gh1075;
-324;helpers_custom.at:1;customer helpers;iptables features/helpers_custom.at:1 features/helpers_custom.at helpers_custom.at:1 helpers_custom.at helpers_custom features helpers rhbz1733066 gh514 rhbz1769520;
-325;policy.at:5;policy - xml;iptables features/policy.at:5 features/policy.at policy.at:5 policy.at policy features xml;
-326;policy.at:79;policy - create;iptables features/policy.at:79 features/policy.at policy.at:79 policy.at policy features;
-327;policy.at:96;policy - name;iptables features/policy.at:96 features/policy.at policy.at:96 policy.at policy features;
-328;policy.at:109;policy - list;iptables features/policy.at:109 features/policy.at policy.at:109 policy.at policy features;
-329;policy.at:231;policy - options;iptables features/policy.at:231 features/policy.at policy.at:231 policy.at policy features;
-330;policy.at:286;policy - priority;iptables features/policy.at:286 features/policy.at policy.at:286 policy.at policy features;
-331;policy.at:470;policy - zones;iptables features/policy.at:470 features/policy.at policy.at:470 policy.at policy features;
-332;policy.at:822;policy - dispatch;iptables features/policy.at:822 features/policy.at policy.at:822 policy.at policy features;
-333;policy.at:5352;policy - interfaces/sources;iptables features/policy.at:5352 features/policy.at policy.at:5352 policy.at policy features;
-334;policy.at:6073;policy - target;iptables features/policy.at:6073 features/policy.at policy.at:6073 policy.at policy features;
-335;policy.at:6122;policy - from file;iptables features/policy.at:6122 features/policy.at policy.at:6122 policy.at policy features;
-336;policy.at:6139;policy - zone drifting not allowed;iptables features/policy.at:6139 features/policy.at policy.at:6139 policy.at policy features gh797;
-337;policy.at:6301;policy - multiple using same zone source;iptables features/policy.at:6301 features/policy.at policy.at:6301 policy.at policy features source;
-338;services.at:1;services;iptables features/services.at:1 features/services.at services.at:1 services.at services features policy service;
-339;ports.at:1;ports;iptables features/ports.at:1 features/ports.at ports.at:1 ports.at ports features policy port;
-340;source_ports.at:1;source ports;iptables features/source_ports.at:1 features/source_ports.at source_ports.at:1 source_ports.at source_ports features policy source_port;
-341;forward_ports.at:1;forward ports;iptables features/forward_ports.at:1 features/forward_ports.at forward_ports.at:1 forward_ports.at forward_ports features policy forward_port;
-342;forward_ports.at:207;forward ports (OUTPUT);iptables features/forward_ports.at:207 features/forward_ports.at forward_ports.at:207 forward_ports.at forward_ports features policy forward_port rhbz2039542;
-343;forward_ports.at:287;forward ports - logging and limiting;iptables features/forward_ports.at:287 features/forward_ports.at forward_ports.at:287 forward_ports.at forward_ports features forward_port rich logging limit;
-344;masquerade.at:1;masquerade;iptables features/masquerade.at:1 features/masquerade.at masquerade.at:1 masquerade.at masquerade features policy gh926;
-345;protocols.at:1;protocols;iptables features/protocols.at:1 features/protocols.at protocols.at:1 protocols.at protocols features policy protocol;
-346;rich_rules.at:1;rich rules;iptables features/rich_rules.at:1 features/rich_rules.at rich_rules.at:1 rich_rules.at rich_rules features policy rich;
-347;icmp_blocks.at:1;ICMP blocks;iptables features/icmp_blocks.at:1 features/icmp_blocks.at icmp_blocks.at:1 icmp_blocks.at icmp_blocks features policy icmp_block;
-348;rich_tcp_mss_clamp.at:5;tcp-mss-clamp;iptables features/rich_tcp_mss_clamp.at:5 features/rich_tcp_mss_clamp.at rich_tcp_mss_clamp.at:5 rich_tcp_mss_clamp.at rich_tcp_mss_clamp features tcp-mss-clamp gh1121;
-349;rich_destination_ipset.at:1;rich destination ipset;iptables features/rich_destination_ipset.at:1 features/rich_destination_ipset.at rich_destination_ipset.at:1 rich_destination_ipset.at rich_destination_ipset features rich ipset;
-350;zone.at:1;zone - target;iptables features/zone.at:1 features/zone.at zone.at:1 zone.at zone features;
-351;rpfilter.at:1;rpfilter - strict;iptables features/rpfilter.at:1 features/rpfilter.at rpfilter.at:1 rpfilter.at rpfilter features;
-352;rpfilter.at:27;rpfilter - loose;iptables features/rpfilter.at:27 features/rpfilter.at rpfilter.at:27 rpfilter.at rpfilter features;
-353;rpfilter.at:53;rpfilter - strict-forward;iptables features/rpfilter.at:53 features/rpfilter.at rpfilter.at:53 rpfilter.at rpfilter features;
-354;rpfilter.at:89;rpfilter - loose-forward;iptables features/rpfilter.at:89 features/rpfilter.at rpfilter.at:89 rpfilter.at rpfilter features;
-355;rpfilter.at:125;rpfilter - config values;iptables features/rpfilter.at:125 features/rpfilter.at rpfilter.at:125 rpfilter.at rpfilter features;
-356;zone_combine.at:1;zone - combine;iptables features/zone_combine.at:1 features/zone_combine.at zone_combine.at:1 zone_combine.at zone_combine features zone;
-357;reset_defaults.at:1;reset defaults;iptables features/reset_defaults.at:1 features/reset_defaults.at reset_defaults.at:1 reset_defaults.at reset_defaults features reset;
-358;zone_priority.at:1;zone - priority;iptables features/zone_priority.at:1 features/zone_priority.at zone_priority.at:1 zone_priority.at zone_priority features zone;
-359;reloadpolicy.at:1;check ReloadPolicy;iptables features/reloadpolicy.at:1 features/reloadpolicy.at reloadpolicy.at:1 reloadpolicy.at reloadpolicy features rhbz2149039;
-360;strict_forward_ports.at:1;strict forward ports;iptables features/strict_forward_ports.at:1 features/strict_forward_ports.at strict_forward_ports.at:1 strict_forward_ports.at strict_forward_ports features forward_port gh869 gh1380;
+62;rpfilter.at:125;rpfilter - config values;offline features/rpfilter.at:125 features/rpfilter.at rpfilter.at:125 rpfilter.at rpfilter features rhel-72937;
+63;rpfilter.at:147;rpfilter - config values, -forward;offline features/rpfilter.at:147 features/rpfilter.at rpfilter.at:147 rpfilter.at rpfilter features rhel-72937;
+64;zone_combine.at:1;zone - combine;offline features/zone_combine.at:1 features/zone_combine.at zone_combine.at:1 zone_combine.at zone_combine features zone;
+65;ipset_defer_native_ipset_creation.at:1;ipset defer native creation;offline features/ipset_defer_native_ipset_creation.at:1 features/ipset_defer_native_ipset_creation.at ipset_defer_native_ipset_creation.at:1 ipset_defer_native_ipset_creation.at ipset_defer_native_ipset_creation features ipset direct rhbz2122678;
+66;reset_defaults.at:1;reset defaults;offline features/reset_defaults.at:1 features/reset_defaults.at reset_defaults.at:1 reset_defaults.at reset_defaults features reset;
+67;zone_priority.at:1;zone - priority;offline features/zone_priority.at:1 features/zone_priority.at zone_priority.at:1 zone_priority.at zone_priority features zone;
+68;reloadpolicy.at:1;check ReloadPolicy;offline features/reloadpolicy.at:1 features/reloadpolicy.at reloadpolicy.at:1 reloadpolicy.at reloadpolicy features rhbz2149039;
+69;strict_forward_ports.at:1;strict forward ports;offline features/strict_forward_ports.at:1 features/strict_forward_ports.at strict_forward_ports.at:1 strict_forward_ports.at strict_forward_ports features forward_port gh869 gh1380;
+70;firewall-offline-cmd.at:19;lokkit migration;offline cli/firewall-offline-cmd.at:19 cli/firewall-offline-cmd.at firewall-offline-cmd.at:19 firewall-offline-cmd.at firewall-offline-cmd cli lokkit;
+71;firewalld.conf.at:1;firewalld.conf;nftables dbus/firewalld.conf.at:1 dbus/firewalld.conf.at firewalld.conf.at:1 firewalld.conf.at firewalld.conf dbus;
+72;service.at:1;dbus api - services;nftables dbus/service.at:1 dbus/service.at service.at:1 service.at service dbus rhbz1721414 rhbz1737045 gh514;
+73;zone_permanent_signatures.at:1;dbus api - zone permanent signatures;nftables dbus/zone_permanent_signatures.at:1 dbus/zone_permanent_signatures.at zone_permanent_signatures.at:1 zone_permanent_signatures.at zone_permanent_signatures dbus zone gh586 gh613;
+74;zone_runtime_signatures.at:1;dbus api - zone runtime signatures;nftables dbus/zone_runtime_signatures.at:1 dbus/zone_runtime_signatures.at zone_runtime_signatures.at:1 zone_runtime_signatures.at zone_runtime_signatures dbus zone gh586 gh613;
+75;zone_permanent_functional.at:1;dbus api - zone permanent functional;nftables dbus/zone_permanent_functional.at:1 dbus/zone_permanent_functional.at zone_permanent_functional.at:1 zone_permanent_functional.at zone_permanent_functional dbus zone gh586 gh613;
+76;zone_runtime_functional.at:1;dbus api - zone runtime functional;nftables dbus/zone_runtime_functional.at:1 dbus/zone_runtime_functional.at zone_runtime_functional.at:1 zone_runtime_functional.at zone_runtime_functional dbus zone gh586 gh613;
+77;policy_permanent_signatures.at:1;dbus api - policy permanent signatures;nftables dbus/policy_permanent_signatures.at:1 dbus/policy_permanent_signatures.at policy_permanent_signatures.at:1 policy_permanent_signatures.at policy_permanent_signatures dbus policy;
+78;policy_runtime_signatures.at:1;dbus api - policy runtime signatures;nftables dbus/policy_runtime_signatures.at:1 dbus/policy_runtime_signatures.at policy_runtime_signatures.at:1 policy_runtime_signatures.at policy_runtime_signatures dbus policy;
+79;policy_permanent_functional.at:1;dbus api - policy permanent functional;nftables dbus/policy_permanent_functional.at:1 dbus/policy_permanent_functional.at policy_permanent_functional.at:1 policy_permanent_functional.at policy_permanent_functional dbus policy;
+80;policy_runtime_functional.at:1;dbus api - policy runtime functional;nftables dbus/policy_runtime_functional.at:1 dbus/policy_runtime_functional.at policy_runtime_functional.at:1 policy_runtime_functional.at policy_runtime_functional dbus policy;
+81;direct.at:1;dbus api - direct signatures;nftables dbus/direct.at:1 dbus/direct.at direct.at:1 direct.at direct dbus;
+82;lockdown.at:1;dbus api - lockdown signatures;nftables dbus/lockdown.at:1 dbus/lockdown.at lockdown.at:1 lockdown.at lockdown dbus;
+83;firewall-cmd.at:5;basic options;nftables cli/firewall-cmd.at:5 cli/firewall-cmd.at firewall-cmd.at:5 firewall-cmd.at firewall-cmd cli panic reload gh808;
+84;firewall-cmd.at:34;get/list options;nftables cli/firewall-cmd.at:34 cli/firewall-cmd.at firewall-cmd.at:34 firewall-cmd.at firewall-cmd cli zone service icmp;
+85;firewall-cmd.at:50;default zone;nftables cli/firewall-cmd.at:50 cli/firewall-cmd.at firewall-cmd.at:50 firewall-cmd.at firewall-cmd cli zone;
+86;firewall-cmd.at:62;user zone;nftables cli/firewall-cmd.at:62 cli/firewall-cmd.at firewall-cmd.at:62 firewall-cmd.at firewall-cmd cli zone;
+87;firewall-cmd.at:82;zone interfaces;nftables cli/firewall-cmd.at:82 cli/firewall-cmd.at firewall-cmd.at:82 firewall-cmd.at firewall-cmd cli zone;
+88;firewall-cmd.at:170;zone sources;nftables cli/firewall-cmd.at:170 cli/firewall-cmd.at firewall-cmd.at:170 firewall-cmd.at firewall-cmd cli zone;
+89;firewall-cmd.at:223;services;nftables cli/firewall-cmd.at:223 cli/firewall-cmd.at firewall-cmd.at:223 firewall-cmd.at firewall-cmd cli service;
+90;firewall-cmd.at:267;user services;nftables cli/firewall-cmd.at:267 cli/firewall-cmd.at firewall-cmd.at:267 firewall-cmd.at firewall-cmd cli service;
+91;firewall-cmd.at:349;ports;nftables cli/firewall-cmd.at:349 cli/firewall-cmd.at firewall-cmd.at:349 firewall-cmd.at firewall-cmd cli port;
+92;firewall-cmd.at:406;source ports;nftables cli/firewall-cmd.at:406 cli/firewall-cmd.at firewall-cmd.at:406 firewall-cmd.at firewall-cmd cli port;
+93;firewall-cmd.at:443;protocols;nftables cli/firewall-cmd.at:443 cli/firewall-cmd.at firewall-cmd.at:443 firewall-cmd.at firewall-cmd cli protocol;
+94;firewall-cmd.at:471;masquerade;nftables cli/firewall-cmd.at:471 cli/firewall-cmd.at firewall-cmd.at:471 firewall-cmd.at firewall-cmd cli masquerade nat;
+95;firewall-cmd.at:498;forward;nftables cli/firewall-cmd.at:498 cli/firewall-cmd.at firewall-cmd.at:498 firewall-cmd.at firewall-cmd cli forward gh586 gh613;
+96;firewall-cmd.at:686;forward ports;nftables cli/firewall-cmd.at:686 cli/firewall-cmd.at firewall-cmd.at:686 firewall-cmd.at firewall-cmd cli port forward_port;
+97;firewall-cmd.at:785;ICMP block;nftables cli/firewall-cmd.at:785 cli/firewall-cmd.at firewall-cmd.at:785 firewall-cmd.at firewall-cmd cli icmp;
+98;firewall-cmd.at:831;user ICMP types;nftables cli/firewall-cmd.at:831 cli/firewall-cmd.at firewall-cmd.at:831 firewall-cmd.at firewall-cmd cli icmp;
+99;firewall-cmd.at:854;ipset;nftables cli/firewall-cmd.at:854 cli/firewall-cmd.at firewall-cmd.at:854 firewall-cmd.at firewall-cmd cli ipset rhbz1685256;
+100;firewall-cmd.at:1063;user helpers;nftables cli/firewall-cmd.at:1063 cli/firewall-cmd.at firewall-cmd.at:1063 firewall-cmd.at firewall-cmd cli helper;
+101;firewall-cmd.at:1091;direct;nftables cli/firewall-cmd.at:1091 cli/firewall-cmd.at firewall-cmd.at:1091 firewall-cmd.at firewall-cmd cli direct;
+102;firewall-cmd.at:1165;direct nat;nftables cli/firewall-cmd.at:1165 cli/firewall-cmd.at firewall-cmd.at:1165 firewall-cmd.at firewall-cmd cli direct nat;
+103;firewall-cmd.at:1190;direct passthrough;nftables cli/firewall-cmd.at:1190 cli/firewall-cmd.at firewall-cmd.at:1190 firewall-cmd.at firewall-cmd cli direct passthrough;
+104;firewall-cmd.at:1228;direct ebtables;nftables cli/firewall-cmd.at:1228 cli/firewall-cmd.at firewall-cmd.at:1228 firewall-cmd.at firewall-cmd cli direct ebtables;
+105;firewall-cmd.at:1274;lockdown;nftables cli/firewall-cmd.at:1274 cli/firewall-cmd.at firewall-cmd.at:1274 firewall-cmd.at firewall-cmd cli lockdown;
+106;firewall-cmd.at:1369;rich rules good;nftables cli/firewall-cmd.at:1369 cli/firewall-cmd.at firewall-cmd.at:1369 firewall-cmd.at firewall-cmd cli rich;
+107;firewall-cmd.at:1403;rich rules audit;nftables cli/firewall-cmd.at:1403 cli/firewall-cmd.at firewall-cmd.at:1403 firewall-cmd.at firewall-cmd cli rich;
+108;firewall-cmd.at:1411;rich rules priority;nftables cli/firewall-cmd.at:1411 cli/firewall-cmd.at firewall-cmd.at:1411 firewall-cmd.at firewall-cmd cli rich;
+109;firewall-cmd.at:1966;rich rules bad;nftables cli/firewall-cmd.at:1966 cli/firewall-cmd.at firewall-cmd.at:1966 firewall-cmd.at firewall-cmd cli rich;
+110;firewall-cmd.at:2009;config validation;nftables cli/firewall-cmd.at:2009 cli/firewall-cmd.at firewall-cmd.at:2009 firewall-cmd.at firewall-cmd cli check_config;
+111;rhbz1514043.at:1;--set-log-denied does not zero config;nftables regression/rhbz1514043.at:1 regression/rhbz1514043.at rhbz1514043.at:1 rhbz1514043.at rhbz1514043 regression log_denied;
+112;rhbz1498923.at:1;invalid direct rule causes reload error;nftables regression/rhbz1498923.at:1 regression/rhbz1498923.at rhbz1498923.at:1 rhbz1498923.at rhbz1498923 regression direct reload;
+113;pr181.at:1;combined zones name length check;nftables regression/pr181.at:1 regression/pr181.at pr181.at:1 pr181.at pr181 regression zone gh181;
+114;gh287.at:1;ICMP block inversion;nftables regression/gh287.at:1 regression/gh287.at gh287.at:1 gh287.at gh287 regression icmp;
+115;individual_calls.at:1;individual calls;nftables regression/individual_calls.at:1 regression/individual_calls.at individual_calls.at:1 individual_calls.at individual_calls regression;
+116;rhbz1534571.at:3;rule deduplication;nftables regression/rhbz1534571.at:3 regression/rhbz1534571.at rhbz1534571.at:3 rhbz1534571.at rhbz1534571 regression;
+117;gh290.at:1;invalid syntax in xml files;nftables regression/gh290.at:1 regression/gh290.at gh290.at:1 gh290.at gh290 regression xml direct;
+118;gh290.at:19;invalid syntax in xml files;nftables regression/gh290.at:19 regression/gh290.at gh290.at:19 gh290.at gh290 regression xml zone;
+119;icmp_block_in_forward_chain.at:1;ICMP block not present FORWARD chain;nftables regression/icmp_block_in_forward_chain.at:1 regression/icmp_block_in_forward_chain.at icmp_block_in_forward_chain.at:1 icmp_block_in_forward_chain.at icmp_block_in_forward_chain regression icmp;
+120;pr323.at:1;GRE proto helper;nftables regression/pr323.at:1 regression/pr323.at pr323.at:1 pr323.at pr323 regression helper gh323;
+121;rhbz1506742.at:1;ipset with timeout;nftables regression/rhbz1506742.at:1 regression/rhbz1506742.at rhbz1506742.at:1 rhbz1506742.at rhbz1506742 regression ipset rhbz2055330 gh699 gh908;
+122;rhbz1594657.at:1;no log untracked passthrough queries;nftables regression/rhbz1594657.at:1 regression/rhbz1594657.at rhbz1594657.at:1 rhbz1594657.at rhbz1594657 regression direct passthrough;
+123;rhbz1571957.at:1;set-log-denied w/ ICMP block inversion;nftables regression/rhbz1571957.at:1 regression/rhbz1571957.at rhbz1571957.at:1 rhbz1571957.at rhbz1571957 regression log_denied icmp;
+124;rhbz1404076.at:1;query single port added with range;nftables regression/rhbz1404076.at:1 regression/rhbz1404076.at rhbz1404076.at:1 rhbz1404076.at rhbz1404076 regression port;
+125;gh366.at:1;service destination multiple IP versions;nftables regression/gh366.at:1 regression/gh366.at gh366.at:1 gh366.at gh366 regression service;
+126;rhbz1601610.at:1;ipset duplicate entries;nftables regression/rhbz1601610.at:1 regression/rhbz1601610.at rhbz1601610.at:1 rhbz1601610.at rhbz1601610 regression ipset;
+127;gh303.at:1;unicode in XML;nftables regression/gh303.at:1 regression/gh303.at gh303.at:1 gh303.at gh303 regression xml unicode service;
+128;gh335.at:1;forward-port toaddr enables IP forwarding;nftables regression/gh335.at:1 regression/gh335.at gh335.at:1 gh335.at gh335 regression port forward_port;
+129;gh482.at:1;remove forward-port after reload;nftables regression/gh482.at:1 regression/gh482.at gh482.at:1 gh482.at gh482 regression rhbz1637675 rich forward_port;
+130;gh478.at:1;rich rule marks every packet;nftables regression/gh478.at:1 regression/gh478.at gh478.at:1 gh478.at gh478 regression rich mark;
+131;gh453.at:1;nftables helper objects;nftables regression/gh453.at:1 regression/gh453.at gh453.at:1 gh453.at gh453 regression helper;
+132;gh258.at:1;zone dispatch layout;nftables regression/gh258.at:1 regression/gh258.at gh258.at:1 gh258.at gh258 regression zone gh441 rhbz1713823;
+133;rhbz1715977.at:1;rich rule src/dst with service destination;nftables regression/rhbz1715977.at:1 regression/rhbz1715977.at rhbz1715977.at:1 rhbz1715977.at rhbz1715977 regression rich service rhbz1729097 rhbz1791783;
+134;rhbz1723610.at:1;direct remove-rules per family;nftables regression/rhbz1723610.at:1 regression/rhbz1723610.at rhbz1723610.at:1 rhbz1723610.at rhbz1723610 regression direct gh385;
+135;rhbz1734765.at:1;zone sources ordered by name;nftables regression/rhbz1734765.at:1 regression/rhbz1734765.at rhbz1734765.at:1 rhbz1734765.at rhbz1734765 regression zone rhbz1421222 gh166 rhbz1738545;
+136;gh509.at:1;missing firewalld.conf file;nftables regression/gh509.at:1 regression/gh509.at gh509.at:1 gh509.at gh509 regression;
+137;gh567.at:1;rich rule source w/ mark action;nftables regression/gh567.at:1 regression/gh567.at gh567.at:1 gh567.at gh567 regression rich ipset;
+138;rhbz1779835.at:1;ipv6 address with brackets;nftables regression/rhbz1779835.at:1 regression/rhbz1779835.at rhbz1779835.at:1 rhbz1779835.at rhbz1779835 regression ipset;
+139;rhbz1779835.at:16;ipv6 address with brackets;nftables regression/rhbz1779835.at:16 regression/rhbz1779835.at rhbz1779835.at:16 rhbz1779835.at rhbz1779835 regression zone forward_port rich;
+140;gh330.at:1;ipset cleanup on reload/stop;nftables regression/gh330.at:1 regression/gh330.at gh330.at:1 gh330.at gh330 regression ipset reload rhbz1682913 rhbz1790948 rhbz1809225;
+141;gh599.at:1;writing to log after copytruncate;nftables regression/gh599.at:1 regression/gh599.at gh599.at:1 gh599.at gh599 regression;
+142;rhbz1843398.at:1;rich rule source mac;nftables regression/rhbz1843398.at:1 regression/rhbz1843398.at rhbz1843398.at:1 rhbz1843398.at rhbz1843398 regression rich gh643;
+143;rhbz1839781.at:1;service RH-Satellite-6;nftables regression/rhbz1839781.at:1 regression/rhbz1839781.at rhbz1839781.at:1 rhbz1839781.at rhbz1839781 regression service;
+144;rhbz1689429.at:1;rich rule invalid priority;nftables regression/rhbz1689429.at:1 regression/rhbz1689429.at rhbz1689429.at:1 rhbz1689429.at rhbz1689429 regression rich;
+145;rhbz1483921.at:1;direct and zone mutually exclusive;nftables regression/rhbz1483921.at:1 regression/rhbz1483921.at rhbz1483921.at:1 rhbz1483921.at rhbz1483921 regression direct;
+146;rhbz1541077.at:1;hash:mac and family mutually exclusive;nftables regression/rhbz1541077.at:1 regression/rhbz1541077.at rhbz1541077.at:1 rhbz1541077.at rhbz1541077 regression ipset;
+147;rhbz1855140.at:1;rich rule icmptypes with one family;nftables regression/rhbz1855140.at:1 regression/rhbz1855140.at rhbz1855140.at:1 rhbz1855140.at rhbz1855140 regression rich icmp;
+148;rhbz1871298.at:1;rich rule parsing bottleneck;nftables regression/rhbz1871298.at:1 regression/rhbz1871298.at rhbz1871298.at:1 rhbz1871298.at rhbz1871298 regression rich offline scale;
+149;rhbz1596304.at:1;rich rules strip non-printable characters;nftables regression/rhbz1596304.at:1 regression/rhbz1596304.at rhbz1596304.at:1 rhbz1596304.at rhbz1596304 regression rich;
+150;gh703.at:1;add source with mac address;nftables regression/gh703.at:1 regression/gh703.at gh703.at:1 gh703.at gh703 regression;
+151;ipset_netmask_allowed.at:1;ipset netmask allowed type hash:ip;nftables regression/ipset_netmask_allowed.at:1 regression/ipset_netmask_allowed.at ipset_netmask_allowed.at:1 ipset_netmask_allowed.at ipset_netmask_allowed regression ipset reload;
+152;rhbz1940928.at:1;direct -s/-d multiple addresses;nftables regression/rhbz1940928.at:1 regression/rhbz1940928.at rhbz1940928.at:1 rhbz1940928.at rhbz1940928 regression direct rhbz1949552;
+153;rhbz1936896.at:1;ipset type hash:net,net;nftables regression/rhbz1936896.at:1 regression/rhbz1936896.at rhbz1936896.at:1 rhbz1936896.at rhbz1936896 regression;
+154;gh795.at:1;ipset entry delete w/ timeout=0;nftables regression/gh795.at:1 regression/gh795.at gh795.at:1 gh795.at gh795 regression ipset gh794;
+155;rhbz1914935.at:1;zone overlapping ports;nftables regression/rhbz1914935.at:1 regression/rhbz1914935.at rhbz1914935.at:1 rhbz1914935.at rhbz1914935 regression zone port;
+156;gh696.at:1;icmp-block-inversion no log blocked;nftables regression/gh696.at:1 regression/gh696.at gh696.at:1 gh696.at gh696 regression icmp rhbz1945833;
+157;rhbz1917766.at:1;rich rule source with netmask;nftables regression/rhbz1917766.at:1 regression/rhbz1917766.at rhbz1917766.at:1 rhbz1917766.at rhbz1917766 regression rich;
+158;rhbz2014383.at:1;same source in two zone xml;nftables regression/rhbz2014383.at:1 regression/rhbz2014383.at rhbz2014383.at:1 rhbz2014383.at rhbz2014383 regression zone;
+159;gh874.at:1;policy masquerade w/ ingress interface;nftables regression/gh874.at:1 regression/gh874.at gh874.at:1 gh874.at gh874 regression policy zone masquerade gh926;
+160;gh881.at:1;ipset entry overlap detect perf;nftables regression/gh881.at:1 regression/gh881.at gh881.at:1 gh881.at gh881 regression ipset;
+161;service_includes_for_builtin.at:1;service include for built-in;nftables regression/service_includes_for_builtin.at:1 regression/service_includes_for_builtin.at service_includes_for_builtin.at:1 service_includes_for_builtin.at service_includes_for_builtin regression dbus service service_includes_for_built-in;
+162;gh940.at:1;log prefix;nftables regression/gh940.at:1 regression/gh940.at gh940.at:1 gh940.at gh940 regression policy;
+163;build_policy_split_wildcard.at:1;build policy split wildcards;nftables regression/build_policy_split_wildcard.at:1 regression/build_policy_split_wildcard.at build_policy_split_wildcard.at:1 build_policy_split_wildcard.at build_policy_split_wildcard regression gh892 policy;
+164;gh1011.at:1;remove entries results in empty;nftables regression/gh1011.at:1 regression/gh1011.at gh1011.at:1 gh1011.at gh1011 regression ipset rhbz2121985;
+165;rhbz2181406.at:1;rich rule limit;nftables regression/rhbz2181406.at:1 regression/rhbz2181406.at rhbz2181406.at:1 rhbz2181406.at rhbz2181406 regression rich;
+166;ipset_scale.at:1;ipset scale;nftables regression/ipset_scale.at:1 regression/ipset_scale.at ipset_scale.at:1 ipset_scale.at ipset_scale regression ipset gh738 scale;
+167;gh1129.at:1;switch backend to iptables and reload;nftables regression/gh1129.at:1 regression/gh1129.at gh1129.at:1 gh1129.at gh1129 regression;
+168;gh1146.at:1;policy with mixed family zone source;nftables regression/gh1146.at:1 regression/gh1146.at gh1146.at:1 gh1146.at gh1146 regression policy;
+169;gh1152.at:1;list-all identical content;nftables regression/gh1152.at:1 regression/gh1152.at gh1152.at:1 gh1152.at gh1152 regression cli;
+170;rhbz2222044.at:1;duplicate rules after restart;nftables regression/rhbz2222044.at:1 regression/rhbz2222044.at rhbz2222044.at:1 rhbz2222044.at rhbz2222044 regression;
+171;gh1229.at:1;policy dispatch with egress-zone=ANY;nftables regression/gh1229.at:1 regression/gh1229.at gh1229.at:1 gh1229.at gh1229 regression policy gh1234;
+172;gh1278.at:1;policy dispatch update if active;nftables regression/gh1278.at:1 regression/gh1278.at gh1278.at:1 gh1278.at gh1278 regression source policy;
+173;gh1406.at:1;ipset iface;nftables regression/gh1406.at:1 regression/gh1406.at gh1406.at:1 gh1406.at gh1406 regression ipset;
+174;RHEL-67103.at:1;rich rule invalid ipset;nftables regression/rhel-67103.at:1 regression/rhel-67103.at rhel-67103.at:1 rhel-67103.at rhel-67103 regression rich ipset rhel-67331;
+175;python.at:3;firewalld_misc.py;nftables python/python.at:3 python/python.at python.at:3 python.at python;
+176;python.at:8;firewalld_config.py;nftables python/python.at:8 python/python.at python.at:8 python.at python;
+177;python.at:13;firewalld_rich.py;nftables python/python.at:13 python/python.at python.at:13 python.at python;
+178;python.at:18;firewalld_direct.py;nftables python/python.at:18 python/python.at python.at:18 python.at python;
+179;rfc3964_ipv4.at:1;RFC3964_IPv4;nftables features/rfc3964_ipv4.at:1 features/rfc3964_ipv4.at rfc3964_ipv4.at:1 rfc3964_ipv4.at rfc3964_ipv4 features;
+180;service_include.at:1;service include;nftables features/service_include.at:1 features/service_include.at service_include.at:1 service_include.at service_include features service xml gh273 rhbz1720300 gh707 gh1075;
+181;helpers_custom.at:1;customer helpers;nftables features/helpers_custom.at:1 features/helpers_custom.at helpers_custom.at:1 helpers_custom.at helpers_custom features helpers rhbz1733066 gh514 rhbz1769520;
+182;policy.at:5;policy - xml;nftables features/policy.at:5 features/policy.at policy.at:5 policy.at policy features xml;
+183;policy.at:79;policy - create;nftables features/policy.at:79 features/policy.at policy.at:79 policy.at policy features;
+184;policy.at:96;policy - name;nftables features/policy.at:96 features/policy.at policy.at:96 policy.at policy features;
+185;policy.at:109;policy - list;nftables features/policy.at:109 features/policy.at policy.at:109 policy.at policy features;
+186;policy.at:231;policy - options;nftables features/policy.at:231 features/policy.at policy.at:231 policy.at policy features;
+187;policy.at:286;policy - priority;nftables features/policy.at:286 features/policy.at policy.at:286 policy.at policy features;
+188;policy.at:470;policy - zones;nftables features/policy.at:470 features/policy.at policy.at:470 policy.at policy features;
+189;policy.at:822;policy - dispatch;nftables features/policy.at:822 features/policy.at policy.at:822 policy.at policy features;
+190;policy.at:5352;policy - interfaces/sources;nftables features/policy.at:5352 features/policy.at policy.at:5352 policy.at policy features;
+191;policy.at:6073;policy - target;nftables features/policy.at:6073 features/policy.at policy.at:6073 policy.at policy features;
+192;policy.at:6122;policy - from file;nftables features/policy.at:6122 features/policy.at policy.at:6122 policy.at policy features;
+193;policy.at:6139;policy - zone drifting not allowed;nftables features/policy.at:6139 features/policy.at policy.at:6139 policy.at policy features gh797;
+194;policy.at:6301;policy - multiple using same zone source;nftables features/policy.at:6301 features/policy.at policy.at:6301 policy.at policy features source;
+195;services.at:1;services;nftables features/services.at:1 features/services.at services.at:1 services.at services features policy service;
+196;ports.at:1;ports;nftables features/ports.at:1 features/ports.at ports.at:1 ports.at ports features policy port;
+197;source_ports.at:1;source ports;nftables features/source_ports.at:1 features/source_ports.at source_ports.at:1 source_ports.at source_ports features policy source_port;
+198;forward_ports.at:1;forward ports;nftables features/forward_ports.at:1 features/forward_ports.at forward_ports.at:1 forward_ports.at forward_ports features policy forward_port;
+199;forward_ports.at:207;forward ports (OUTPUT);nftables features/forward_ports.at:207 features/forward_ports.at forward_ports.at:207 forward_ports.at forward_ports features policy forward_port rhbz2039542;
+200;forward_ports.at:287;forward ports - logging and limiting;nftables features/forward_ports.at:287 features/forward_ports.at forward_ports.at:287 forward_ports.at forward_ports features forward_port rich logging limit;
+201;masquerade.at:1;masquerade;nftables features/masquerade.at:1 features/masquerade.at masquerade.at:1 masquerade.at masquerade features policy gh926;
+202;protocols.at:1;protocols;nftables features/protocols.at:1 features/protocols.at protocols.at:1 protocols.at protocols features policy protocol;
+203;rich_rules.at:1;rich rules;nftables features/rich_rules.at:1 features/rich_rules.at rich_rules.at:1 rich_rules.at rich_rules features policy rich;
+204;icmp_blocks.at:1;ICMP blocks;nftables features/icmp_blocks.at:1 features/icmp_blocks.at icmp_blocks.at:1 icmp_blocks.at icmp_blocks features policy icmp_block;
+205;rich_tcp_mss_clamp.at:5;tcp-mss-clamp;nftables features/rich_tcp_mss_clamp.at:5 features/rich_tcp_mss_clamp.at rich_tcp_mss_clamp.at:5 rich_tcp_mss_clamp.at rich_tcp_mss_clamp features tcp-mss-clamp gh1121;
+206;rich_destination_ipset.at:1;rich destination ipset;nftables features/rich_destination_ipset.at:1 features/rich_destination_ipset.at rich_destination_ipset.at:1 rich_destination_ipset.at rich_destination_ipset features rich ipset;
+207;zone.at:1;zone - target;nftables features/zone.at:1 features/zone.at zone.at:1 zone.at zone features;
+208;rpfilter.at:1;rpfilter - strict;nftables features/rpfilter.at:1 features/rpfilter.at rpfilter.at:1 rpfilter.at rpfilter features;
+209;rpfilter.at:27;rpfilter - loose;nftables features/rpfilter.at:27 features/rpfilter.at rpfilter.at:27 rpfilter.at rpfilter features;
+210;rpfilter.at:53;rpfilter - strict-forward;nftables features/rpfilter.at:53 features/rpfilter.at rpfilter.at:53 rpfilter.at rpfilter features;
+211;rpfilter.at:89;rpfilter - loose-forward;nftables features/rpfilter.at:89 features/rpfilter.at rpfilter.at:89 rpfilter.at rpfilter features;
+212;rpfilter.at:125;rpfilter - config values;nftables features/rpfilter.at:125 features/rpfilter.at rpfilter.at:125 rpfilter.at rpfilter features rhel-72937;
+213;rpfilter.at:147;rpfilter - config values, -forward;nftables features/rpfilter.at:147 features/rpfilter.at rpfilter.at:147 rpfilter.at rpfilter features rhel-72937;
+214;zone_combine.at:1;zone - combine;nftables features/zone_combine.at:1 features/zone_combine.at zone_combine.at:1 zone_combine.at zone_combine features zone;
+215;startup_failsafe.at:1;startup failsafe - invalid xml;nftables features/startup_failsafe.at:1 features/startup_failsafe.at startup_failsafe.at:1 startup_failsafe.at startup_failsafe features failsafe;
+216;startup_failsafe.at:1;startup failsafe - bad zone;nftables features/startup_failsafe.at:1 features/startup_failsafe.at startup_failsafe.at:1 startup_failsafe.at startup_failsafe features failsafe;
+217;startup_failsafe.at:1;startup failsafe - bad policy;nftables features/startup_failsafe.at:1 features/startup_failsafe.at startup_failsafe.at:1 startup_failsafe.at startup_failsafe features failsafe;
+218;startup_failsafe.at:1;startup failsafe - non-existent service;nftables features/startup_failsafe.at:1 features/startup_failsafe.at startup_failsafe.at:1 startup_failsafe.at startup_failsafe features failsafe;
+219;startup_failsafe.at:1;startup failsafe - non-existent icmptype;nftables features/startup_failsafe.at:1 features/startup_failsafe.at startup_failsafe.at:1 startup_failsafe.at startup_failsafe features failsafe;
+220;startup_failsafe.at:1;startup failsafe - bad direct;nftables features/startup_failsafe.at:1 features/startup_failsafe.at startup_failsafe.at:1 startup_failsafe.at startup_failsafe features failsafe;
+221;startup_failsafe.at:1;startup failsafe - broken stock config;nftables features/startup_failsafe.at:1 features/startup_failsafe.at startup_failsafe.at:1 startup_failsafe.at startup_failsafe features;
+222;ipset_defer_native_ipset_creation.at:1;ipset defer native creation;nftables features/ipset_defer_native_ipset_creation.at:1 features/ipset_defer_native_ipset_creation.at ipset_defer_native_ipset_creation.at:1 ipset_defer_native_ipset_creation.at ipset_defer_native_ipset_creation features ipset direct rhbz2122678;
+223;reset_defaults.at:1;reset defaults;nftables features/reset_defaults.at:1 features/reset_defaults.at reset_defaults.at:1 reset_defaults.at reset_defaults features reset;
+224;iptables_no_flush_on_shutdown.at:1;avoid iptables flush if using nftables;nftables features/iptables_no_flush_on_shutdown.at:1 features/iptables_no_flush_on_shutdown.at iptables_no_flush_on_shutdown.at:1 iptables_no_flush_on_shutdown.at iptables_no_flush_on_shutdown features direct gh863;
+225;zone_priority.at:1;zone - priority;nftables features/zone_priority.at:1 features/zone_priority.at zone_priority.at:1 zone_priority.at zone_priority features zone;
+226;nftables_flowtable.at:1;nftables flowtable;nftables features/nftables_flowtable.at:1 features/nftables_flowtable.at nftables_flowtable.at:1 nftables_flowtable.at nftables_flowtable features flowtable;
+227;nftables_counters.at:1;nftables counters;nftables features/nftables_counters.at:1 features/nftables_counters.at nftables_counters.at:1 nftables_counters.at nftables_counters features counters;
+228;reloadpolicy.at:1;check ReloadPolicy;nftables features/reloadpolicy.at:1 features/reloadpolicy.at reloadpolicy.at:1 reloadpolicy.at reloadpolicy features rhbz2149039;
+229;nftables_table_owner.at:1;nftables table owner;nftables features/nftables_table_owner.at:1 features/nftables_table_owner.at nftables_table_owner.at:1 nftables_table_owner.at nftables_table_owner features rhel-17002;
+230;strict_forward_ports.at:1;strict forward ports;nftables features/strict_forward_ports.at:1 features/strict_forward_ports.at strict_forward_ports.at:1 strict_forward_ports.at strict_forward_ports features forward_port gh869 gh1380;
+231;firewall-cmd.at:5;basic options;iptables cli/firewall-cmd.at:5 cli/firewall-cmd.at firewall-cmd.at:5 firewall-cmd.at firewall-cmd cli panic reload gh808;
+232;firewall-cmd.at:34;get/list options;iptables cli/firewall-cmd.at:34 cli/firewall-cmd.at firewall-cmd.at:34 firewall-cmd.at firewall-cmd cli zone service icmp;
+233;firewall-cmd.at:50;default zone;iptables cli/firewall-cmd.at:50 cli/firewall-cmd.at firewall-cmd.at:50 firewall-cmd.at firewall-cmd cli zone;
+234;firewall-cmd.at:62;user zone;iptables cli/firewall-cmd.at:62 cli/firewall-cmd.at firewall-cmd.at:62 firewall-cmd.at firewall-cmd cli zone;
+235;firewall-cmd.at:82;zone interfaces;iptables cli/firewall-cmd.at:82 cli/firewall-cmd.at firewall-cmd.at:82 firewall-cmd.at firewall-cmd cli zone;
+236;firewall-cmd.at:170;zone sources;iptables cli/firewall-cmd.at:170 cli/firewall-cmd.at firewall-cmd.at:170 firewall-cmd.at firewall-cmd cli zone;
+237;firewall-cmd.at:223;services;iptables cli/firewall-cmd.at:223 cli/firewall-cmd.at firewall-cmd.at:223 firewall-cmd.at firewall-cmd cli service;
+238;firewall-cmd.at:267;user services;iptables cli/firewall-cmd.at:267 cli/firewall-cmd.at firewall-cmd.at:267 firewall-cmd.at firewall-cmd cli service;
+239;firewall-cmd.at:349;ports;iptables cli/firewall-cmd.at:349 cli/firewall-cmd.at firewall-cmd.at:349 firewall-cmd.at firewall-cmd cli port;
+240;firewall-cmd.at:406;source ports;iptables cli/firewall-cmd.at:406 cli/firewall-cmd.at firewall-cmd.at:406 firewall-cmd.at firewall-cmd cli port;
+241;firewall-cmd.at:443;protocols;iptables cli/firewall-cmd.at:443 cli/firewall-cmd.at firewall-cmd.at:443 firewall-cmd.at firewall-cmd cli protocol;
+242;firewall-cmd.at:471;masquerade;iptables cli/firewall-cmd.at:471 cli/firewall-cmd.at firewall-cmd.at:471 firewall-cmd.at firewall-cmd cli masquerade nat;
+243;firewall-cmd.at:498;forward;iptables cli/firewall-cmd.at:498 cli/firewall-cmd.at firewall-cmd.at:498 firewall-cmd.at firewall-cmd cli forward gh586 gh613;
+244;firewall-cmd.at:686;forward ports;iptables cli/firewall-cmd.at:686 cli/firewall-cmd.at firewall-cmd.at:686 firewall-cmd.at firewall-cmd cli port forward_port;
+245;firewall-cmd.at:785;ICMP block;iptables cli/firewall-cmd.at:785 cli/firewall-cmd.at firewall-cmd.at:785 firewall-cmd.at firewall-cmd cli icmp;
+246;firewall-cmd.at:831;user ICMP types;iptables cli/firewall-cmd.at:831 cli/firewall-cmd.at firewall-cmd.at:831 firewall-cmd.at firewall-cmd cli icmp;
+247;firewall-cmd.at:854;ipset;iptables cli/firewall-cmd.at:854 cli/firewall-cmd.at firewall-cmd.at:854 firewall-cmd.at firewall-cmd cli ipset rhbz1685256;
+248;firewall-cmd.at:1063;user helpers;iptables cli/firewall-cmd.at:1063 cli/firewall-cmd.at firewall-cmd.at:1063 firewall-cmd.at firewall-cmd cli helper;
+249;firewall-cmd.at:1091;direct;iptables cli/firewall-cmd.at:1091 cli/firewall-cmd.at firewall-cmd.at:1091 firewall-cmd.at firewall-cmd cli direct;
+250;firewall-cmd.at:1165;direct nat;iptables cli/firewall-cmd.at:1165 cli/firewall-cmd.at firewall-cmd.at:1165 firewall-cmd.at firewall-cmd cli direct nat;
+251;firewall-cmd.at:1190;direct passthrough;iptables cli/firewall-cmd.at:1190 cli/firewall-cmd.at firewall-cmd.at:1190 firewall-cmd.at firewall-cmd cli direct passthrough;
+252;firewall-cmd.at:1228;direct ebtables;iptables cli/firewall-cmd.at:1228 cli/firewall-cmd.at firewall-cmd.at:1228 firewall-cmd.at firewall-cmd cli direct ebtables;
+253;firewall-cmd.at:1274;lockdown;iptables cli/firewall-cmd.at:1274 cli/firewall-cmd.at firewall-cmd.at:1274 firewall-cmd.at firewall-cmd cli lockdown;
+254;firewall-cmd.at:1369;rich rules good;iptables cli/firewall-cmd.at:1369 cli/firewall-cmd.at firewall-cmd.at:1369 firewall-cmd.at firewall-cmd cli rich;
+255;firewall-cmd.at:1403;rich rules audit;iptables cli/firewall-cmd.at:1403 cli/firewall-cmd.at firewall-cmd.at:1403 firewall-cmd.at firewall-cmd cli rich;
+256;firewall-cmd.at:1411;rich rules priority;iptables cli/firewall-cmd.at:1411 cli/firewall-cmd.at firewall-cmd.at:1411 firewall-cmd.at firewall-cmd cli rich;
+257;firewall-cmd.at:1966;rich rules bad;iptables cli/firewall-cmd.at:1966 cli/firewall-cmd.at firewall-cmd.at:1966 firewall-cmd.at firewall-cmd cli rich;
+258;firewall-cmd.at:2009;config validation;iptables cli/firewall-cmd.at:2009 cli/firewall-cmd.at firewall-cmd.at:2009 firewall-cmd.at firewall-cmd cli check_config;
+259;rhbz1514043.at:1;--set-log-denied does not zero config;iptables regression/rhbz1514043.at:1 regression/rhbz1514043.at rhbz1514043.at:1 rhbz1514043.at rhbz1514043 regression log_denied;
+260;rhbz1498923.at:1;invalid direct rule causes reload error;iptables regression/rhbz1498923.at:1 regression/rhbz1498923.at rhbz1498923.at:1 rhbz1498923.at rhbz1498923 regression direct reload;
+261;pr181.at:1;combined zones name length check;iptables regression/pr181.at:1 regression/pr181.at pr181.at:1 pr181.at pr181 regression zone gh181;
+262;gh287.at:1;ICMP block inversion;iptables regression/gh287.at:1 regression/gh287.at gh287.at:1 gh287.at gh287 regression icmp;
+263;individual_calls.at:1;individual calls;iptables regression/individual_calls.at:1 regression/individual_calls.at individual_calls.at:1 individual_calls.at individual_calls regression;
+264;rhbz1534571.at:3;rule deduplication;iptables regression/rhbz1534571.at:3 regression/rhbz1534571.at rhbz1534571.at:3 rhbz1534571.at rhbz1534571 regression;
+265;gh290.at:1;invalid syntax in xml files;iptables regression/gh290.at:1 regression/gh290.at gh290.at:1 gh290.at gh290 regression xml direct;
+266;gh290.at:19;invalid syntax in xml files;iptables regression/gh290.at:19 regression/gh290.at gh290.at:19 gh290.at gh290 regression xml zone;
+267;icmp_block_in_forward_chain.at:1;ICMP block not present FORWARD chain;iptables regression/icmp_block_in_forward_chain.at:1 regression/icmp_block_in_forward_chain.at icmp_block_in_forward_chain.at:1 icmp_block_in_forward_chain.at icmp_block_in_forward_chain regression icmp;
+268;pr323.at:1;GRE proto helper;iptables regression/pr323.at:1 regression/pr323.at pr323.at:1 pr323.at pr323 regression helper gh323;
+269;rhbz1506742.at:1;ipset with timeout;iptables regression/rhbz1506742.at:1 regression/rhbz1506742.at rhbz1506742.at:1 rhbz1506742.at rhbz1506742 regression ipset rhbz2055330 gh699 gh908;
+270;rhbz1594657.at:1;no log untracked passthrough queries;iptables regression/rhbz1594657.at:1 regression/rhbz1594657.at rhbz1594657.at:1 rhbz1594657.at rhbz1594657 regression direct passthrough;
+271;rhbz1571957.at:1;set-log-denied w/ ICMP block inversion;iptables regression/rhbz1571957.at:1 regression/rhbz1571957.at rhbz1571957.at:1 rhbz1571957.at rhbz1571957 regression log_denied icmp;
+272;rhbz1404076.at:1;query single port added with range;iptables regression/rhbz1404076.at:1 regression/rhbz1404076.at rhbz1404076.at:1 rhbz1404076.at rhbz1404076 regression port;
+273;gh366.at:1;service destination multiple IP versions;iptables regression/gh366.at:1 regression/gh366.at gh366.at:1 gh366.at gh366 regression service;
+274;rhbz1601610.at:1;ipset duplicate entries;iptables regression/rhbz1601610.at:1 regression/rhbz1601610.at rhbz1601610.at:1 rhbz1601610.at rhbz1601610 regression ipset;
+275;gh303.at:1;unicode in XML;iptables regression/gh303.at:1 regression/gh303.at gh303.at:1 gh303.at gh303 regression xml unicode service;
+276;gh335.at:1;forward-port toaddr enables IP forwarding;iptables regression/gh335.at:1 regression/gh335.at gh335.at:1 gh335.at gh335 regression port forward_port;
+277;gh482.at:1;remove forward-port after reload;iptables regression/gh482.at:1 regression/gh482.at gh482.at:1 gh482.at gh482 regression rhbz1637675 rich forward_port;
+278;gh478.at:1;rich rule marks every packet;iptables regression/gh478.at:1 regression/gh478.at gh478.at:1 gh478.at gh478 regression rich mark;
+279;gh258.at:1;zone dispatch layout;iptables regression/gh258.at:1 regression/gh258.at gh258.at:1 gh258.at gh258 regression zone gh441 rhbz1713823;
+280;rhbz1715977.at:1;rich rule src/dst with service destination;iptables regression/rhbz1715977.at:1 regression/rhbz1715977.at rhbz1715977.at:1 rhbz1715977.at rhbz1715977 regression rich service rhbz1729097 rhbz1791783;
+281;rhbz1723610.at:1;direct remove-rules per family;iptables regression/rhbz1723610.at:1 regression/rhbz1723610.at rhbz1723610.at:1 rhbz1723610.at rhbz1723610 regression direct gh385;
+282;rhbz1734765.at:1;zone sources ordered by name;iptables regression/rhbz1734765.at:1 regression/rhbz1734765.at rhbz1734765.at:1 rhbz1734765.at rhbz1734765 regression zone rhbz1421222 gh166 rhbz1738545;
+283;gh567.at:1;rich rule source w/ mark action;iptables regression/gh567.at:1 regression/gh567.at gh567.at:1 gh567.at gh567 regression rich ipset;
+284;rhbz1779835.at:1;ipv6 address with brackets;iptables regression/rhbz1779835.at:1 regression/rhbz1779835.at rhbz1779835.at:1 rhbz1779835.at rhbz1779835 regression ipset;
+285;rhbz1779835.at:16;ipv6 address with brackets;iptables regression/rhbz1779835.at:16 regression/rhbz1779835.at rhbz1779835.at:16 rhbz1779835.at rhbz1779835 regression zone forward_port rich;
+286;gh330.at:1;ipset cleanup on reload/stop;iptables regression/gh330.at:1 regression/gh330.at gh330.at:1 gh330.at gh330 regression ipset reload rhbz1682913 rhbz1790948 rhbz1809225;
+287;gh599.at:1;writing to log after copytruncate;iptables regression/gh599.at:1 regression/gh599.at gh599.at:1 gh599.at gh599 regression;
+288;rhbz1829104.at:1;direct rule in zone chain;iptables regression/rhbz1829104.at:1 regression/rhbz1829104.at rhbz1829104.at:1 rhbz1829104.at rhbz1829104 regression direct;
+289;rhbz1843398.at:1;rich rule source mac;iptables regression/rhbz1843398.at:1 regression/rhbz1843398.at rhbz1843398.at:1 rhbz1843398.at rhbz1843398 regression rich gh643;
+290;rhbz1839781.at:1;service RH-Satellite-6;iptables regression/rhbz1839781.at:1 regression/rhbz1839781.at rhbz1839781.at:1 rhbz1839781.at rhbz1839781 regression service;
+291;rhbz1689429.at:1;rich rule invalid priority;iptables regression/rhbz1689429.at:1 regression/rhbz1689429.at rhbz1689429.at:1 rhbz1689429.at rhbz1689429 regression rich;
+292;rhbz1483921.at:1;direct and zone mutually exclusive;iptables regression/rhbz1483921.at:1 regression/rhbz1483921.at rhbz1483921.at:1 rhbz1483921.at rhbz1483921 regression direct;
+293;rhbz1541077.at:1;hash:mac and family mutually exclusive;iptables regression/rhbz1541077.at:1 regression/rhbz1541077.at rhbz1541077.at:1 rhbz1541077.at rhbz1541077 regression ipset;
+294;rhbz1855140.at:1;rich rule icmptypes with one family;iptables regression/rhbz1855140.at:1 regression/rhbz1855140.at rhbz1855140.at:1 rhbz1855140.at rhbz1855140 regression rich icmp;
+295;rhbz1871298.at:1;rich rule parsing bottleneck;iptables regression/rhbz1871298.at:1 regression/rhbz1871298.at rhbz1871298.at:1 rhbz1871298.at rhbz1871298 regression rich offline scale;
+296;rhbz1596304.at:1;rich rules strip non-printable characters;iptables regression/rhbz1596304.at:1 regression/rhbz1596304.at rhbz1596304.at:1 rhbz1596304.at rhbz1596304 regression rich;
+297;gh703.at:1;add source with mac address;iptables regression/gh703.at:1 regression/gh703.at gh703.at:1 gh703.at gh703 regression;
+298;ipset_netmask_allowed.at:1;ipset netmask allowed type hash:ip;iptables regression/ipset_netmask_allowed.at:1 regression/ipset_netmask_allowed.at ipset_netmask_allowed.at:1 ipset_netmask_allowed.at ipset_netmask_allowed regression ipset reload;
+299;rhbz1940928.at:1;direct -s/-d multiple addresses;iptables regression/rhbz1940928.at:1 regression/rhbz1940928.at rhbz1940928.at:1 rhbz1940928.at rhbz1940928 regression direct rhbz1949552;
+300;rhbz1936896.at:1;ipset type hash:net,net;iptables regression/rhbz1936896.at:1 regression/rhbz1936896.at rhbz1936896.at:1 rhbz1936896.at rhbz1936896 regression;
+301;gh795.at:1;ipset entry delete w/ timeout=0;iptables regression/gh795.at:1 regression/gh795.at gh795.at:1 gh795.at gh795 regression ipset gh794;
+302;rhbz1914935.at:1;zone overlapping ports;iptables regression/rhbz1914935.at:1 regression/rhbz1914935.at rhbz1914935.at:1 rhbz1914935.at rhbz1914935 regression zone port;
+303;gh696.at:1;icmp-block-inversion no log blocked;iptables regression/gh696.at:1 regression/gh696.at gh696.at:1 gh696.at gh696 regression icmp rhbz1945833;
+304;rhbz1917766.at:1;rich rule source with netmask;iptables regression/rhbz1917766.at:1 regression/rhbz1917766.at rhbz1917766.at:1 rhbz1917766.at rhbz1917766 regression rich;
+305;rhbz2014383.at:1;same source in two zone xml;iptables regression/rhbz2014383.at:1 regression/rhbz2014383.at rhbz2014383.at:1 rhbz2014383.at rhbz2014383 regression zone;
+306;gh874.at:1;policy masquerade w/ ingress interface;iptables regression/gh874.at:1 regression/gh874.at gh874.at:1 gh874.at gh874 regression policy zone masquerade gh926;
+307;gh881.at:1;ipset entry overlap detect perf;iptables regression/gh881.at:1 regression/gh881.at gh881.at:1 gh881.at gh881 regression ipset;
+308;service_includes_for_builtin.at:1;service include for built-in;iptables regression/service_includes_for_builtin.at:1 regression/service_includes_for_builtin.at service_includes_for_builtin.at:1 service_includes_for_builtin.at service_includes_for_builtin regression dbus service service_includes_for_built-in;
+309;gh940.at:1;log prefix;iptables regression/gh940.at:1 regression/gh940.at gh940.at:1 gh940.at gh940 regression policy;
+310;build_policy_split_wildcard.at:1;build policy split wildcards;iptables regression/build_policy_split_wildcard.at:1 regression/build_policy_split_wildcard.at build_policy_split_wildcard.at:1 build_policy_split_wildcard.at build_policy_split_wildcard regression gh892 policy;
+311;gh1011.at:1;remove entries results in empty;iptables regression/gh1011.at:1 regression/gh1011.at gh1011.at:1 gh1011.at gh1011 regression ipset rhbz2121985;
+312;rhbz2181406.at:1;rich rule limit;iptables regression/rhbz2181406.at:1 regression/rhbz2181406.at rhbz2181406.at:1 rhbz2181406.at rhbz2181406 regression rich;
+313;ipset_scale.at:1;ipset scale;iptables regression/ipset_scale.at:1 regression/ipset_scale.at ipset_scale.at:1 ipset_scale.at ipset_scale regression ipset gh738 scale;
+314;gh1129.at:16;switch backend to nftables and reload;iptables regression/gh1129.at:16 regression/gh1129.at gh1129.at:16 gh1129.at gh1129 regression;
+315;gh1146.at:1;policy with mixed family zone source;iptables regression/gh1146.at:1 regression/gh1146.at gh1146.at:1 gh1146.at gh1146 regression policy;
+316;gh1152.at:1;list-all identical content;iptables regression/gh1152.at:1 regression/gh1152.at gh1152.at:1 gh1152.at gh1152 regression cli;
+317;rhbz2222044.at:1;duplicate rules after restart;iptables regression/rhbz2222044.at:1 regression/rhbz2222044.at rhbz2222044.at:1 rhbz2222044.at rhbz2222044 regression;
+318;gh1229.at:1;policy dispatch with egress-zone=ANY;iptables regression/gh1229.at:1 regression/gh1229.at gh1229.at:1 gh1229.at gh1229 regression policy gh1234;
+319;gh1278.at:1;policy dispatch update if active;iptables regression/gh1278.at:1 regression/gh1278.at gh1278.at:1 gh1278.at gh1278 regression source policy;
+320;gh1406.at:1;ipset iface;iptables regression/gh1406.at:1 regression/gh1406.at gh1406.at:1 gh1406.at gh1406 regression ipset;
+321;RHEL-67103.at:1;rich rule invalid ipset;iptables regression/rhel-67103.at:1 regression/rhel-67103.at rhel-67103.at:1 rhel-67103.at rhel-67103 regression rich ipset rhel-67331;
+322;python.at:3;firewalld_misc.py;iptables python/python.at:3 python/python.at python.at:3 python.at python;
+323;python.at:8;firewalld_config.py;iptables python/python.at:8 python/python.at python.at:8 python.at python;
+324;python.at:13;firewalld_rich.py;iptables python/python.at:13 python/python.at python.at:13 python.at python;
+325;python.at:18;firewalld_direct.py;iptables python/python.at:18 python/python.at python.at:18 python.at python;
+326;rfc3964_ipv4.at:1;RFC3964_IPv4;iptables features/rfc3964_ipv4.at:1 features/rfc3964_ipv4.at rfc3964_ipv4.at:1 rfc3964_ipv4.at rfc3964_ipv4 features;
+327;service_include.at:1;service include;iptables features/service_include.at:1 features/service_include.at service_include.at:1 service_include.at service_include features service xml gh273 rhbz1720300 gh707 gh1075;
+328;helpers_custom.at:1;customer helpers;iptables features/helpers_custom.at:1 features/helpers_custom.at helpers_custom.at:1 helpers_custom.at helpers_custom features helpers rhbz1733066 gh514 rhbz1769520;
+329;policy.at:5;policy - xml;iptables features/policy.at:5 features/policy.at policy.at:5 policy.at policy features xml;
+330;policy.at:79;policy - create;iptables features/policy.at:79 features/policy.at policy.at:79 policy.at policy features;
+331;policy.at:96;policy - name;iptables features/policy.at:96 features/policy.at policy.at:96 policy.at policy features;
+332;policy.at:109;policy - list;iptables features/policy.at:109 features/policy.at policy.at:109 policy.at policy features;
+333;policy.at:231;policy - options;iptables features/policy.at:231 features/policy.at policy.at:231 policy.at policy features;
+334;policy.at:286;policy - priority;iptables features/policy.at:286 features/policy.at policy.at:286 policy.at policy features;
+335;policy.at:470;policy - zones;iptables features/policy.at:470 features/policy.at policy.at:470 policy.at policy features;
+336;policy.at:822;policy - dispatch;iptables features/policy.at:822 features/policy.at policy.at:822 policy.at policy features;
+337;policy.at:5352;policy - interfaces/sources;iptables features/policy.at:5352 features/policy.at policy.at:5352 policy.at policy features;
+338;policy.at:6073;policy - target;iptables features/policy.at:6073 features/policy.at policy.at:6073 policy.at policy features;
+339;policy.at:6122;policy - from file;iptables features/policy.at:6122 features/policy.at policy.at:6122 policy.at policy features;
+340;policy.at:6139;policy - zone drifting not allowed;iptables features/policy.at:6139 features/policy.at policy.at:6139 policy.at policy features gh797;
+341;policy.at:6301;policy - multiple using same zone source;iptables features/policy.at:6301 features/policy.at policy.at:6301 policy.at policy features source;
+342;services.at:1;services;iptables features/services.at:1 features/services.at services.at:1 services.at services features policy service;
+343;ports.at:1;ports;iptables features/ports.at:1 features/ports.at ports.at:1 ports.at ports features policy port;
+344;source_ports.at:1;source ports;iptables features/source_ports.at:1 features/source_ports.at source_ports.at:1 source_ports.at source_ports features policy source_port;
+345;forward_ports.at:1;forward ports;iptables features/forward_ports.at:1 features/forward_ports.at forward_ports.at:1 forward_ports.at forward_ports features policy forward_port;
+346;forward_ports.at:207;forward ports (OUTPUT);iptables features/forward_ports.at:207 features/forward_ports.at forward_ports.at:207 forward_ports.at forward_ports features policy forward_port rhbz2039542;
+347;forward_ports.at:287;forward ports - logging and limiting;iptables features/forward_ports.at:287 features/forward_ports.at forward_ports.at:287 forward_ports.at forward_ports features forward_port rich logging limit;
+348;masquerade.at:1;masquerade;iptables features/masquerade.at:1 features/masquerade.at masquerade.at:1 masquerade.at masquerade features policy gh926;
+349;protocols.at:1;protocols;iptables features/protocols.at:1 features/protocols.at protocols.at:1 protocols.at protocols features policy protocol;
+350;rich_rules.at:1;rich rules;iptables features/rich_rules.at:1 features/rich_rules.at rich_rules.at:1 rich_rules.at rich_rules features policy rich;
+351;icmp_blocks.at:1;ICMP blocks;iptables features/icmp_blocks.at:1 features/icmp_blocks.at icmp_blocks.at:1 icmp_blocks.at icmp_blocks features policy icmp_block;
+352;rich_tcp_mss_clamp.at:5;tcp-mss-clamp;iptables features/rich_tcp_mss_clamp.at:5 features/rich_tcp_mss_clamp.at rich_tcp_mss_clamp.at:5 rich_tcp_mss_clamp.at rich_tcp_mss_clamp features tcp-mss-clamp gh1121;
+353;rich_destination_ipset.at:1;rich destination ipset;iptables features/rich_destination_ipset.at:1 features/rich_destination_ipset.at rich_destination_ipset.at:1 rich_destination_ipset.at rich_destination_ipset features rich ipset;
+354;zone.at:1;zone - target;iptables features/zone.at:1 features/zone.at zone.at:1 zone.at zone features;
+355;rpfilter.at:1;rpfilter - strict;iptables features/rpfilter.at:1 features/rpfilter.at rpfilter.at:1 rpfilter.at rpfilter features;
+356;rpfilter.at:27;rpfilter - loose;iptables features/rpfilter.at:27 features/rpfilter.at rpfilter.at:27 rpfilter.at rpfilter features;
+357;rpfilter.at:53;rpfilter - strict-forward;iptables features/rpfilter.at:53 features/rpfilter.at rpfilter.at:53 rpfilter.at rpfilter features;
+358;rpfilter.at:89;rpfilter - loose-forward;iptables features/rpfilter.at:89 features/rpfilter.at rpfilter.at:89 rpfilter.at rpfilter features;
+359;rpfilter.at:125;rpfilter - config values;iptables features/rpfilter.at:125 features/rpfilter.at rpfilter.at:125 rpfilter.at rpfilter features rhel-72937;
+360;rpfilter.at:147;rpfilter - config values, -forward;iptables features/rpfilter.at:147 features/rpfilter.at rpfilter.at:147 rpfilter.at rpfilter features rhel-72937;
+361;zone_combine.at:1;zone - combine;iptables features/zone_combine.at:1 features/zone_combine.at zone_combine.at:1 zone_combine.at zone_combine features zone;
+362;reset_defaults.at:1;reset defaults;iptables features/reset_defaults.at:1 features/reset_defaults.at reset_defaults.at:1 reset_defaults.at reset_defaults features reset;
+363;zone_priority.at:1;zone - priority;iptables features/zone_priority.at:1 features/zone_priority.at zone_priority.at:1 zone_priority.at zone_priority features zone;
+364;reloadpolicy.at:1;check ReloadPolicy;iptables features/reloadpolicy.at:1 features/reloadpolicy.at reloadpolicy.at:1 reloadpolicy.at reloadpolicy features rhbz2149039;
+365;strict_forward_ports.at:1;strict forward ports;iptables features/strict_forward_ports.at:1 features/strict_forward_ports.at strict_forward_ports.at:1 strict_forward_ports.at strict_forward_ports features forward_port gh869 gh1380;
"
# List of the all the test groups.
at_groups_all=`printf "%s\n" "$at_help_all" | sed 's/;.*//'`
@@ -983,7 +988,7 @@ at_fn_validate_ranges ()
for at_grp
do
eval at_value=\$$at_grp
- if test $at_value -lt 1 || test $at_value -gt 360; then
+ if test $at_value -lt 1 || test $at_value -gt 365; then
printf "%s\n" "invalid test group: $at_value" >&2
exit 1
fi
@@ -1281,7 +1286,7 @@ fi
# List of tests.
if $at_list_p; then
cat <<_ATEOF || at_write_fail=1
-firewalld 2.3.0 test suite test groups:
+firewalld 2.3.1 test suite test groups:
NUM: FILE-NAME:LINE TEST-GROUP-NAME
KEYWORDS
@@ -1322,7 +1327,7 @@ _ATEOF
exit $at_write_fail
fi
if $at_version_p; then
- printf "%s\n" "$as_me (firewalld 2.3.0)" &&
+ printf "%s\n" "$as_me (firewalld 2.3.1)" &&
cat <<\_ATEOF || at_write_fail=1
Copyright (C) 2021 Free Software Foundation, Inc.
@@ -1346,31 +1351,31 @@ at_banner_text_1="firewall-offline-cmd"
# Category starts at test group 29.
at_banner_text_2="features (offline)"
# Banner 3. dbus.at:1
-# Category starts at test group 70.
+# Category starts at test group 71.
at_banner_text_3="dbus"
# Banner 4. firewall-cmd.at:1
-# Category starts at test group 82.
+# Category starts at test group 83.
at_banner_text_4="firewall-cmd (nftables)"
# Banner 5. regression.at:1
-# Category starts at test group 110.
+# Category starts at test group 111.
at_banner_text_5="regression (nftables)"
# Banner 6. python.at:1
-# Category starts at test group 173.
+# Category starts at test group 175.
at_banner_text_6="python (nftables)"
# Banner 7. features.at:1
-# Category starts at test group 177.
+# Category starts at test group 179.
at_banner_text_7="features (nftables)"
# Banner 8. firewall-cmd.at:1
-# Category starts at test group 228.
+# Category starts at test group 231.
at_banner_text_8="firewall-cmd (iptables)"
# Banner 9. regression.at:1
-# Category starts at test group 256.
+# Category starts at test group 259.
at_banner_text_9="regression (iptables)"
# Banner 10. python.at:1
-# Category starts at test group 318.
+# Category starts at test group 322.
at_banner_text_10="python (iptables)"
# Banner 11. features.at:1
-# Category starts at test group 322.
+# Category starts at test group 326.
at_banner_text_11="features (iptables)"
# Take any -C into account.
@@ -1540,11 +1545,11 @@ exec 5>>"$at_suite_log"
# Banners and logs.
printf "%s\n" "## --------------------------- ##
-## firewalld 2.3.0 test suite. ##
+## firewalld 2.3.1 test suite. ##
## --------------------------- ##"
{
printf "%s\n" "## --------------------------- ##
-## firewalld 2.3.0 test suite. ##
+## firewalld 2.3.1 test suite. ##
## --------------------------- ##"
echo
@@ -2361,7 +2366,7 @@ _ASBOX
printf "%s\n" "Please send $at_msg and all information you think might help:
To: <https://github.com/firewalld/firewalld>
- Subject: [firewalld 2.3.0] $as_me: $at_msg1$at_msg2
+ Subject: [firewalld 2.3.1] $as_me: $at_msg1$at_msg2
You may investigate any problem if you feel able to do so, in which
case the test suite provides a good starting point. Its output may
@@ -62359,6 +62364,7 @@ $at_traceon; }
+
{ set +x
@@ -62401,6 +62407,7 @@ $at_traceon; }
+
{ set +x
@@ -62443,6 +62450,7 @@ $at_traceon; }
+
{ set +x
@@ -62475,6 +62483,94 @@ $at_traceon; }
+
+
+
+
+
+
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=strict/' ./firewalld.conf"
+at_fn_check_prepare_trace "rpfilter.at:131"
+( $at_check_trace; sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=strict/' ./firewalld.conf
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=loose/' ./firewalld.conf"
+at_fn_check_prepare_trace "rpfilter.at:131"
+( $at_check_trace; sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=loose/' ./firewalld.conf
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -62488,15 +62584,15 @@ $at_traceon; }
{ set +x
-printf "%s\n" "$at_srcdir/rpfilter.at:136: sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=bogus/' ./firewalld.conf"
-at_fn_check_prepare_trace "rpfilter.at:136"
+printf "%s\n" "$at_srcdir/rpfilter.at:142: sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=bogus/' ./firewalld.conf"
+at_fn_check_prepare_trace "rpfilter.at:142"
( $at_check_trace; sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=bogus/' ./firewalld.conf
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:136"
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:142"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -62537,8 +62633,8 @@ $at_traceon; }
read at_status <"$at_status_file"
#AT_STOP_62
#AT_START_63
-at_fn_group_banner 63 'zone_combine.at:1' \
- "zone - combine" " " 2
+at_fn_group_banner 63 'rpfilter.at:147' \
+ "rpfilter - config values, -forward" " " 2
at_xfail=no
(
printf "%s\n" "63. $at_setup_line: testing $at_desc ..."
@@ -62552,6 +62648,184 @@ at_xfail=no
+ test -z "$PYTHON" && export PYTHON="python3"
+ test -z "$EBTABLES" && export EBTABLES="ebtables"
+ test -z "$IPTABLES" && export IPTABLES="iptables"
+ test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore"
+ test -z "$IP6TABLES" && export IP6TABLES="ip6tables"
+ test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore"
+ test -z "$IPSET" && export IPSET="ipset"
+ test -z "$PODMAN" && export PODMAN="podman"
+
+ if locale -a |grep "^C.utf8" >/dev/null; then
+ LC_ALL="C.UTF-8"
+ export LC_ALL
+ fi
+
+ ULIMIT_VAL=""
+ if test -z "$ULIMIT_VAL" ; then
+ ULIMIT_VAL=102400
+ fi
+ if test "$ULIMIT_VAL" -ne 0 ; then
+ ulimit -d "$ULIMIT_VAL"
+ fi
+
+ if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:147: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi"
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:147"
+( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:147"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+ else
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:147: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi"
+at_fn_check_prepare_trace "rpfilter.at:147"
+( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:147"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+ fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:154: sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=strict-forward/' ./firewalld.conf"
+at_fn_check_prepare_trace "rpfilter.at:154"
+( $at_check_trace; sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=strict-forward/' ./firewalld.conf
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:154"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:154: sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=loose-forward/' ./firewalld.conf"
+at_fn_check_prepare_trace "rpfilter.at:154"
+( $at_check_trace; sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=loose-forward/' ./firewalld.conf
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:154"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ set +x
+ $at_times_p && times >"$at_times_file"
+) 5>&1 2>&1 7>&- | eval $at_tee_pipe
+read at_status <"$at_status_file"
+#AT_STOP_63
+#AT_START_64
+at_fn_group_banner 64 'zone_combine.at:1' \
+ "zone - combine" " " 2
+at_xfail=no
+(
+ printf "%s\n" "64. $at_setup_line: testing $at_desc ..."
+ $at_traceon
+
+
+
+
+
+
+
+
+
test -z "$PYTHON" && export PYTHON="python3"
test -z "$EBTABLES" && export EBTABLES="ebtables"
test -z "$IPTABLES" && export IPTABLES="iptables"
@@ -63135,13 +63409,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_63
-#AT_START_64
-at_fn_group_banner 64 'ipset_defer_native_ipset_creation.at:1' \
+#AT_STOP_64
+#AT_START_65
+at_fn_group_banner 65 'ipset_defer_native_ipset_creation.at:1' \
"ipset defer native creation" " " 2
at_xfail=no
(
- printf "%s\n" "64. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "65. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -64214,13 +64488,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_64
-#AT_START_65
-at_fn_group_banner 65 'reset_defaults.at:1' \
+#AT_STOP_65
+#AT_START_66
+at_fn_group_banner 66 'reset_defaults.at:1' \
"reset defaults" " " 2
at_xfail=no
(
- printf "%s\n" "65. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "66. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -65298,13 +65572,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_65
-#AT_START_66
-at_fn_group_banner 66 'zone_priority.at:1' \
+#AT_STOP_66
+#AT_START_67
+at_fn_group_banner 67 'zone_priority.at:1' \
"zone - priority" " " 2
at_xfail=no
(
- printf "%s\n" "66. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "67. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -68143,13 +68417,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_66
-#AT_START_67
-at_fn_group_banner 67 'reloadpolicy.at:1' \
+#AT_STOP_67
+#AT_START_68
+at_fn_group_banner 68 'reloadpolicy.at:1' \
"check ReloadPolicy" " " 2
at_xfail=no
(
- printf "%s\n" "67. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "68. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -68335,13 +68609,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_67
-#AT_START_68
-at_fn_group_banner 68 'strict_forward_ports.at:1' \
+#AT_STOP_68
+#AT_START_69
+at_fn_group_banner 69 'strict_forward_ports.at:1' \
"strict forward ports" " " 2
at_xfail=no
(
- printf "%s\n" "68. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "69. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -69033,13 +69307,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_68
-#AT_START_69
-at_fn_group_banner 69 'firewall-offline-cmd.at:19' \
+#AT_STOP_69
+#AT_START_70
+at_fn_group_banner 70 'firewall-offline-cmd.at:19' \
"lokkit migration" " " 2
at_xfail=no
(
- printf "%s\n" "69. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "70. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -69805,13 +70079,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_69
-#AT_START_70
-at_fn_group_banner 70 'firewalld.conf.at:1' \
+#AT_STOP_70
+#AT_START_71
+at_fn_group_banner 71 'firewalld.conf.at:1' \
"firewalld.conf" " " 3
at_xfail=no
(
- printf "%s\n" "70. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "71. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -70944,13 +71218,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_70
-#AT_START_71
-at_fn_group_banner 71 'service.at:1' \
+#AT_STOP_71
+#AT_START_72
+at_fn_group_banner 72 'service.at:1' \
"dbus api - services" " " 3
at_xfail=no
(
- printf "%s\n" "71. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "72. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -73990,13 +74264,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_71
-#AT_START_72
-at_fn_group_banner 72 'zone_permanent_signatures.at:1' \
+#AT_STOP_72
+#AT_START_73
+at_fn_group_banner 73 'zone_permanent_signatures.at:1' \
"dbus api - zone permanent signatures" " " 3
at_xfail=no
(
- printf "%s\n" "72. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "73. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -77075,13 +77349,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_72
-#AT_START_73
-at_fn_group_banner 73 'zone_runtime_signatures.at:1' \
+#AT_STOP_73
+#AT_START_74
+at_fn_group_banner 74 'zone_runtime_signatures.at:1' \
"dbus api - zone runtime signatures" " " 3
at_xfail=no
(
- printf "%s\n" "73. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "74. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -80173,13 +80447,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_73
-#AT_START_74
-at_fn_group_banner 74 'zone_permanent_functional.at:1' \
+#AT_STOP_74
+#AT_START_75
+at_fn_group_banner 75 'zone_permanent_functional.at:1' \
"dbus api - zone permanent functional" " " 3
at_xfail=no
(
- printf "%s\n" "74. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "75. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -83764,13 +84038,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_74
-#AT_START_75
-at_fn_group_banner 75 'zone_runtime_functional.at:1' \
+#AT_STOP_75
+#AT_START_76
+at_fn_group_banner 76 'zone_runtime_functional.at:1' \
"dbus api - zone runtime functional" " " 3
at_xfail=no
(
- printf "%s\n" "75. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "76. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -86772,13 +87046,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_75
-#AT_START_76
-at_fn_group_banner 76 'policy_permanent_signatures.at:1' \
+#AT_STOP_76
+#AT_START_77
+at_fn_group_banner 77 'policy_permanent_signatures.at:1' \
"dbus api - policy permanent signatures" " " 3
at_xfail=no
(
- printf "%s\n" "76. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "77. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -87568,13 +87842,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_76
-#AT_START_77
-at_fn_group_banner 77 'policy_runtime_signatures.at:1' \
+#AT_STOP_77
+#AT_START_78
+at_fn_group_banner 78 'policy_runtime_signatures.at:1' \
"dbus api - policy runtime signatures" " " 3
at_xfail=no
(
- printf "%s\n" "77. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "78. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -88100,13 +88374,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_77
-#AT_START_78
-at_fn_group_banner 78 'policy_permanent_functional.at:1' \
+#AT_STOP_78
+#AT_START_79
+at_fn_group_banner 79 'policy_permanent_functional.at:1' \
"dbus api - policy permanent functional" " " 3
at_xfail=no
(
- printf "%s\n" "78. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "79. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -89096,13 +89370,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_78
-#AT_START_79
-at_fn_group_banner 79 'policy_runtime_functional.at:1' \
+#AT_STOP_79
+#AT_START_80
+at_fn_group_banner 80 'policy_runtime_functional.at:1' \
"dbus api - policy runtime functional" " " 3
at_xfail=no
(
- printf "%s\n" "79. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "80. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -89807,13 +90081,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_79
-#AT_START_80
-at_fn_group_banner 80 'direct.at:1' \
+#AT_STOP_80
+#AT_START_81
+at_fn_group_banner 81 'direct.at:1' \
"dbus api - direct signatures" " " 3
at_xfail=no
(
- printf "%s\n" "80. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "81. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -91754,13 +92028,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_80
-#AT_START_81
-at_fn_group_banner 81 'lockdown.at:1' \
+#AT_STOP_81
+#AT_START_82
+at_fn_group_banner 82 'lockdown.at:1' \
"dbus api - lockdown signatures" " " 3
at_xfail=no
(
- printf "%s\n" "81. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "82. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -92255,13 +92529,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_81
-#AT_START_82
-at_fn_group_banner 82 'firewall-cmd.at:5' \
+#AT_STOP_82
+#AT_START_83
+at_fn_group_banner 83 'firewall-cmd.at:5' \
"basic options" " " 4
at_xfail=no
(
- printf "%s\n" "82. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "83. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -92857,13 +93131,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_82
-#AT_START_83
-at_fn_group_banner 83 'firewall-cmd.at:34' \
+#AT_STOP_83
+#AT_START_84
+at_fn_group_banner 84 'firewall-cmd.at:34' \
"get/list options" " " 4
at_xfail=no
(
- printf "%s\n" "83. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "84. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -93410,13 +93684,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_83
-#AT_START_84
-at_fn_group_banner 84 'firewall-cmd.at:50' \
+#AT_STOP_84
+#AT_START_85
+at_fn_group_banner 85 'firewall-cmd.at:50' \
"default zone" " " 4
at_xfail=no
(
- printf "%s\n" "84. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "85. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -93871,13 +94145,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_84
-#AT_START_85
-at_fn_group_banner 85 'firewall-cmd.at:62' \
+#AT_STOP_85
+#AT_START_86
+at_fn_group_banner 86 'firewall-cmd.at:62' \
"user zone" " " 4
at_xfail=no
(
- printf "%s\n" "85. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "86. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -94461,13 +94735,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_85
-#AT_START_86
-at_fn_group_banner 86 'firewall-cmd.at:82' \
+#AT_STOP_86
+#AT_START_87
+at_fn_group_banner 87 'firewall-cmd.at:82' \
"zone interfaces" " " 4
at_xfail=no
(
- printf "%s\n" "86. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "87. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -95865,13 +96139,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_86
-#AT_START_87
-at_fn_group_banner 87 'firewall-cmd.at:170' \
+#AT_STOP_87
+#AT_START_88
+at_fn_group_banner 88 'firewall-cmd.at:170' \
"zone sources" " " 4
at_xfail=no
(
- printf "%s\n" "87. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "88. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -98442,13 +98716,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_87
-#AT_START_88
-at_fn_group_banner 88 'firewall-cmd.at:223' \
+#AT_STOP_88
+#AT_START_89
+at_fn_group_banner 89 'firewall-cmd.at:223' \
"services" " " 4
at_xfail=no
(
- printf "%s\n" "88. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "89. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -99322,13 +99596,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_88
-#AT_START_89
-at_fn_group_banner 89 'firewall-cmd.at:267' \
+#AT_STOP_89
+#AT_START_90
+at_fn_group_banner 90 'firewall-cmd.at:267' \
"user services" " " 4
at_xfail=no
(
- printf "%s\n" "89. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "90. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -100749,13 +101023,13 @@ _ATEOF
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_89
-#AT_START_90
-at_fn_group_banner 90 'firewall-cmd.at:349' \
+#AT_STOP_90
+#AT_START_91
+at_fn_group_banner 91 'firewall-cmd.at:349' \
"ports" " " 4
at_xfail=no
(
- printf "%s\n" "90. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "91. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -102005,13 +102279,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_90
-#AT_START_91
-at_fn_group_banner 91 'firewall-cmd.at:406' \
+#AT_STOP_91
+#AT_START_92
+at_fn_group_banner 92 'firewall-cmd.at:406' \
"source ports" " " 4
at_xfail=no
(
- printf "%s\n" "91. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "92. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -102917,13 +103191,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_91
-#AT_START_92
-at_fn_group_banner 92 'firewall-cmd.at:443' \
+#AT_STOP_92
+#AT_START_93
+at_fn_group_banner 93 'firewall-cmd.at:443' \
"protocols" " " 4
at_xfail=no
(
- printf "%s\n" "92. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "93. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -103698,13 +103972,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_92
-#AT_START_93
-at_fn_group_banner 93 'firewall-cmd.at:471' \
+#AT_STOP_93
+#AT_START_94
+at_fn_group_banner 94 'firewall-cmd.at:471' \
"masquerade" " " 4
at_xfail=no
(
- printf "%s\n" "93. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "94. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -104254,13 +104528,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_93
-#AT_START_94
-at_fn_group_banner 94 'firewall-cmd.at:498' \
+#AT_STOP_94
+#AT_START_95
+at_fn_group_banner 95 'firewall-cmd.at:498' \
"forward" " " 4
at_xfail=no
(
- printf "%s\n" "94. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "95. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -105623,13 +105897,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_94
-#AT_START_95
-at_fn_group_banner 95 'firewall-cmd.at:686' \
+#AT_STOP_95
+#AT_START_96
+at_fn_group_banner 96 'firewall-cmd.at:686' \
"forward ports" " " 4
at_xfail=no
(
- printf "%s\n" "95. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "96. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -107067,13 +107341,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_95
-#AT_START_96
-at_fn_group_banner 96 'firewall-cmd.at:785' \
+#AT_STOP_96
+#AT_START_97
+at_fn_group_banner 97 'firewall-cmd.at:785' \
"ICMP block" " " 4
at_xfail=no
(
- printf "%s\n" "96. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "97. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -108136,13 +108410,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_96
-#AT_START_97
-at_fn_group_banner 97 'firewall-cmd.at:831' \
+#AT_STOP_97
+#AT_START_98
+at_fn_group_banner 98 'firewall-cmd.at:831' \
"user ICMP types" " " 4
at_xfail=no
(
- printf "%s\n" "97. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "98. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -108767,13 +109041,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_97
-#AT_START_98
-at_fn_group_banner 98 'firewall-cmd.at:854' \
+#AT_STOP_98
+#AT_START_99
+at_fn_group_banner 99 'firewall-cmd.at:854' \
"ipset" " " 4
at_xfail=no
(
- printf "%s\n" "98. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "99. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -111058,13 +111332,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_98
-#AT_START_99
-at_fn_group_banner 99 'firewall-cmd.at:1063' \
+#AT_STOP_99
+#AT_START_100
+at_fn_group_banner 100 'firewall-cmd.at:1063' \
"user helpers" " " 4
at_xfail=no
(
- printf "%s\n" "99. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "100. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -111770,13 +112044,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_99
-#AT_START_100
-at_fn_group_banner 100 'firewall-cmd.at:1091' \
+#AT_STOP_100
+#AT_START_101
+at_fn_group_banner 101 'firewall-cmd.at:1091' \
"direct" " " 4
at_xfail=no
(
- printf "%s\n" "100. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "101. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -113268,13 +113542,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_100
-#AT_START_101
-at_fn_group_banner 101 'firewall-cmd.at:1165' \
+#AT_STOP_101
+#AT_START_102
+at_fn_group_banner 102 'firewall-cmd.at:1165' \
"direct nat" " " 4
at_xfail=no
(
- printf "%s\n" "101. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "102. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -113901,13 +114175,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_101
-#AT_START_102
-at_fn_group_banner 102 'firewall-cmd.at:1190' \
+#AT_STOP_102
+#AT_START_103
+at_fn_group_banner 103 'firewall-cmd.at:1190' \
"direct passthrough" " " 4
at_xfail=no
(
- printf "%s\n" "102. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "103. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -114760,13 +115034,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_102
-#AT_START_103
-at_fn_group_banner 103 'firewall-cmd.at:1228' \
+#AT_STOP_103
+#AT_START_104
+at_fn_group_banner 104 'firewall-cmd.at:1228' \
"direct ebtables" " " 4
at_xfail=no
(
- printf "%s\n" "103. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "104. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -115513,13 +115787,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_103
-#AT_START_104
-at_fn_group_banner 104 'firewall-cmd.at:1274' \
+#AT_STOP_104
+#AT_START_105
+at_fn_group_banner 105 'firewall-cmd.at:1274' \
"lockdown" " " 4
at_xfail=no
(
- printf "%s\n" "104. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "105. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -116696,13 +116970,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_104
-#AT_START_105
-at_fn_group_banner 105 'firewall-cmd.at:1369' \
+#AT_STOP_105
+#AT_START_106
+at_fn_group_banner 106 'firewall-cmd.at:1369' \
"rich rules good" " " 4
at_xfail=no
(
- printf "%s\n" "105. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "106. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -121072,13 +121346,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_105
-#AT_START_106
-at_fn_group_banner 106 'firewall-cmd.at:1403' \
+#AT_STOP_106
+#AT_START_107
+at_fn_group_banner 107 'firewall-cmd.at:1403' \
"rich rules audit" " " 4
at_xfail=no
(
- printf "%s\n" "106. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "107. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -121640,13 +121914,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_106
-#AT_START_107
-at_fn_group_banner 107 'firewall-cmd.at:1411' \
+#AT_STOP_107
+#AT_START_108
+at_fn_group_banner 108 'firewall-cmd.at:1411' \
"rich rules priority" " " 4
at_xfail=no
(
- printf "%s\n" "107. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "108. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -124669,13 +124943,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_107
-#AT_START_108
-at_fn_group_banner 108 'firewall-cmd.at:1966' \
+#AT_STOP_108
+#AT_START_109
+at_fn_group_banner 109 'firewall-cmd.at:1966' \
"rich rules bad" " " 4
at_xfail=no
(
- printf "%s\n" "108. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "109. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -126013,13 +126287,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_108
-#AT_START_109
-at_fn_group_banner 109 'firewall-cmd.at:2009' \
+#AT_STOP_109
+#AT_START_110
+at_fn_group_banner 110 'firewall-cmd.at:2009' \
"config validation" " " 4
at_xfail=no
(
- printf "%s\n" "109. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "110. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -127869,13 +128143,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_109
-#AT_START_110
-at_fn_group_banner 110 'rhbz1514043.at:1' \
+#AT_STOP_110
+#AT_START_111
+at_fn_group_banner 111 'rhbz1514043.at:1' \
"--set-log-denied does not zero config" " " 5
at_xfail=no
(
- printf "%s\n" "110. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "111. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -128430,13 +128704,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_110
-#AT_START_111
-at_fn_group_banner 111 'rhbz1498923.at:1' \
+#AT_STOP_111
+#AT_START_112
+at_fn_group_banner 112 'rhbz1498923.at:1' \
"invalid direct rule causes reload error" " " 5
at_xfail=no
(
- printf "%s\n" "111. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "112. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -129290,13 +129564,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_111
-#AT_START_112
-at_fn_group_banner 112 'pr181.at:1' \
+#AT_STOP_112
+#AT_START_113
+at_fn_group_banner 113 'pr181.at:1' \
"combined zones name length check" " " 5
at_xfail=no
(
- printf "%s\n" "112. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "113. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -129885,13 +130159,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_112
-#AT_START_113
-at_fn_group_banner 113 'gh287.at:1' \
+#AT_STOP_113
+#AT_START_114
+at_fn_group_banner 114 'gh287.at:1' \
"ICMP block inversion" " " 5
at_xfail=no
(
- printf "%s\n" "113. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "114. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -130405,13 +130679,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_113
-#AT_START_114
-at_fn_group_banner 114 'individual_calls.at:1' \
+#AT_STOP_114
+#AT_START_115
+at_fn_group_banner 115 'individual_calls.at:1' \
"individual calls" " " 5
at_xfail=no
(
- printf "%s\n" "114. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "115. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -130821,13 +131095,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_114
-#AT_START_115
-at_fn_group_banner 115 'rhbz1534571.at:3' \
+#AT_STOP_115
+#AT_START_116
+at_fn_group_banner 116 'rhbz1534571.at:3' \
"rule deduplication" " " 5
at_xfail=no
(
- printf "%s\n" "115. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "116. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -131339,13 +131613,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_115
-#AT_START_116
-at_fn_group_banner 116 'gh290.at:1' \
+#AT_STOP_116
+#AT_START_117
+at_fn_group_banner 117 'gh290.at:1' \
"invalid syntax in xml files" " " 5
at_xfail=no
(
- printf "%s\n" "116. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "117. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -131843,13 +132117,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_116
-#AT_START_117
-at_fn_group_banner 117 'gh290.at:19' \
+#AT_STOP_117
+#AT_START_118
+at_fn_group_banner 118 'gh290.at:19' \
"invalid syntax in xml files" " " 5
at_xfail=no
(
- printf "%s\n" "117. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "118. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -132353,13 +132627,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_117
-#AT_START_118
-at_fn_group_banner 118 'icmp_block_in_forward_chain.at:1' \
+#AT_STOP_118
+#AT_START_119
+at_fn_group_banner 119 'icmp_block_in_forward_chain.at:1' \
"ICMP block not present FORWARD chain" " " 5
at_xfail=no
(
- printf "%s\n" "118. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "119. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -132812,13 +133086,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_118
-#AT_START_119
-at_fn_group_banner 119 'pr323.at:1' \
+#AT_STOP_119
+#AT_START_120
+at_fn_group_banner 120 'pr323.at:1' \
"GRE proto helper" " " 5
at_xfail=no
(
- printf "%s\n" "119. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "120. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -133252,13 +133526,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_119
-#AT_START_120
-at_fn_group_banner 120 'rhbz1506742.at:1' \
+#AT_STOP_120
+#AT_START_121
+at_fn_group_banner 121 'rhbz1506742.at:1' \
"ipset with timeout" " " 5
at_xfail=no
(
- printf "%s\n" "120. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "121. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -133943,13 +134217,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_120
-#AT_START_121
-at_fn_group_banner 121 'rhbz1594657.at:1' \
+#AT_STOP_121
+#AT_START_122
+at_fn_group_banner 122 'rhbz1594657.at:1' \
"no log untracked passthrough queries" " " 5
at_xfail=no
(
- printf "%s\n" "121. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "122. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -134476,13 +134750,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_121
-#AT_START_122
-at_fn_group_banner 122 'rhbz1571957.at:1' \
+#AT_STOP_122
+#AT_START_123
+at_fn_group_banner 123 'rhbz1571957.at:1' \
"set-log-denied w/ ICMP block inversion" " " 5
at_xfail=no
(
- printf "%s\n" "122. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "123. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -135029,13 +135303,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_122
-#AT_START_123
-at_fn_group_banner 123 'rhbz1404076.at:1' \
+#AT_STOP_123
+#AT_START_124
+at_fn_group_banner 124 'rhbz1404076.at:1' \
"query single port added with range" " " 5
at_xfail=no
(
- printf "%s\n" "123. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "124. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -139018,13 +139292,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_123
-#AT_START_124
-at_fn_group_banner 124 'gh366.at:1' \
+#AT_STOP_124
+#AT_START_125
+at_fn_group_banner 125 'gh366.at:1' \
"service destination multiple IP versions" " " 5
at_xfail=no
(
- printf "%s\n" "124. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "125. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -139552,13 +139826,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_124
-#AT_START_125
-at_fn_group_banner 125 'rhbz1601610.at:1' \
+#AT_STOP_125
+#AT_START_126
+at_fn_group_banner 126 'rhbz1601610.at:1' \
"ipset duplicate entries" " " 5
at_xfail=no
(
- printf "%s\n" "125. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "126. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -140620,13 +140894,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_125
-#AT_START_126
-at_fn_group_banner 126 'gh303.at:1' \
+#AT_STOP_126
+#AT_START_127
+at_fn_group_banner 127 'gh303.at:1' \
"unicode in XML" " " 5
at_xfail=no
(
- printf "%s\n" "126. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "127. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -141129,13 +141403,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_126
-#AT_START_127
-at_fn_group_banner 127 'gh335.at:1' \
+#AT_STOP_127
+#AT_START_128
+at_fn_group_banner 128 'gh335.at:1' \
"forward-port toaddr enables IP forwarding" " " 5
at_xfail=no
(
- printf "%s\n" "127. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "128. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -142237,13 +142511,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_127
-#AT_START_128
-at_fn_group_banner 128 'gh482.at:1' \
+#AT_STOP_128
+#AT_START_129
+at_fn_group_banner 129 'gh482.at:1' \
"remove forward-port after reload" " " 5
at_xfail=no
(
- printf "%s\n" "128. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "129. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -142834,13 +143108,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_128
-#AT_START_129
-at_fn_group_banner 129 'gh478.at:1' \
+#AT_STOP_129
+#AT_START_130
+at_fn_group_banner 130 'gh478.at:1' \
"rich rule marks every packet" " " 5
at_xfail=no
(
- printf "%s\n" "129. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "130. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -143298,13 +143572,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_129
-#AT_START_130
-at_fn_group_banner 130 'gh453.at:1' \
+#AT_STOP_130
+#AT_START_131
+at_fn_group_banner 131 'gh453.at:1' \
"nftables helper objects" " " 5
at_xfail=no
(
- printf "%s\n" "130. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "131. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -143898,13 +144172,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_130
-#AT_START_131
-at_fn_group_banner 131 'gh258.at:1' \
+#AT_STOP_131
+#AT_START_132
+at_fn_group_banner 132 'gh258.at:1' \
"zone dispatch layout" " " 5
at_xfail=no
(
- printf "%s\n" "131. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "132. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -145066,13 +145340,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_131
-#AT_START_132
-at_fn_group_banner 132 'rhbz1715977.at:1' \
+#AT_STOP_132
+#AT_START_133
+at_fn_group_banner 133 'rhbz1715977.at:1' \
"rich rule src/dst with service destination" " " 5
at_xfail=no
(
- printf "%s\n" "132. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "133. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -145773,13 +146047,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_132
-#AT_START_133
-at_fn_group_banner 133 'rhbz1723610.at:1' \
+#AT_STOP_133
+#AT_START_134
+at_fn_group_banner 134 'rhbz1723610.at:1' \
"direct remove-rules per family" " " 5
at_xfail=no
(
- printf "%s\n" "133. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "134. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -146661,13 +146935,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_133
-#AT_START_134
-at_fn_group_banner 134 'rhbz1734765.at:1' \
+#AT_STOP_134
+#AT_START_135
+at_fn_group_banner 135 'rhbz1734765.at:1' \
"zone sources ordered by name" " " 5
at_xfail=no
(
- printf "%s\n" "134. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "135. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -148596,13 +148870,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_134
-#AT_START_135
-at_fn_group_banner 135 'gh509.at:1' \
+#AT_STOP_135
+#AT_START_136
+at_fn_group_banner 136 'gh509.at:1' \
"missing firewalld.conf file" " " 5
at_xfail=no
(
- printf "%s\n" "135. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "136. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -149026,13 +149300,13 @@ at_fn_check_skip 99 "$at_srcdir/gh509.at:1"
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_135
-#AT_START_136
-at_fn_group_banner 136 'gh567.at:1' \
+#AT_STOP_136
+#AT_START_137
+at_fn_group_banner 137 'gh567.at:1' \
"rich rule source w/ mark action" " " 5
at_xfail=no
(
- printf "%s\n" "136. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "137. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -149539,13 +149813,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_136
-#AT_START_137
-at_fn_group_banner 137 'rhbz1779835.at:1' \
+#AT_STOP_137
+#AT_START_138
+at_fn_group_banner 138 'rhbz1779835.at:1' \
"ipv6 address with brackets" " " 5
at_xfail=no
(
- printf "%s\n" "137. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "138. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -150095,13 +150369,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_137
-#AT_START_138
-at_fn_group_banner 138 'rhbz1779835.at:16' \
+#AT_STOP_138
+#AT_START_139
+at_fn_group_banner 139 'rhbz1779835.at:16' \
"ipv6 address with brackets" " " 5
at_xfail=no
(
- printf "%s\n" "138. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "139. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -150636,13 +150910,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_138
-#AT_START_139
-at_fn_group_banner 139 'gh330.at:1' \
+#AT_STOP_139
+#AT_START_140
+at_fn_group_banner 140 'gh330.at:1' \
"ipset cleanup on reload/stop" " " 5
at_xfail=no
(
- printf "%s\n" "139. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "140. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -151919,13 +152193,13 @@ at_fn_check_skip 99 "$at_srcdir/gh330.at:142"
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_139
-#AT_START_140
-at_fn_group_banner 140 'gh599.at:1' \
+#AT_STOP_140
+#AT_START_141
+at_fn_group_banner 141 'gh599.at:1' \
"writing to log after copytruncate" " " 5
at_xfail=no
(
- printf "%s\n" "140. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "141. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -152343,13 +152617,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_140
-#AT_START_141
-at_fn_group_banner 141 'rhbz1843398.at:1' \
+#AT_STOP_141
+#AT_START_142
+at_fn_group_banner 142 'rhbz1843398.at:1' \
"rich rule source mac" " " 5
at_xfail=no
(
- printf "%s\n" "141. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "142. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -152784,13 +153058,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_141
-#AT_START_142
-at_fn_group_banner 142 'rhbz1839781.at:1' \
+#AT_STOP_142
+#AT_START_143
+at_fn_group_banner 143 'rhbz1839781.at:1' \
"service RH-Satellite-6" " " 5
at_xfail=no
(
- printf "%s\n" "142. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "143. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -153339,13 +153613,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_142
-#AT_START_143
-at_fn_group_banner 143 'rhbz1689429.at:1' \
+#AT_STOP_143
+#AT_START_144
+at_fn_group_banner 144 'rhbz1689429.at:1' \
"rich rule invalid priority" " " 5
at_xfail=no
(
- printf "%s\n" "143. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "144. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -153784,13 +154058,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_143
-#AT_START_144
-at_fn_group_banner 144 'rhbz1483921.at:1' \
+#AT_STOP_144
+#AT_START_145
+at_fn_group_banner 145 'rhbz1483921.at:1' \
"direct and zone mutually exclusive" " " 5
at_xfail=no
(
- printf "%s\n" "144. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "145. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -154193,13 +154467,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_144
-#AT_START_145
-at_fn_group_banner 145 'rhbz1541077.at:1' \
+#AT_STOP_145
+#AT_START_146
+at_fn_group_banner 146 'rhbz1541077.at:1' \
"hash:mac and family mutually exclusive" " " 5
at_xfail=no
(
- printf "%s\n" "145. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "146. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -154615,13 +154889,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_145
-#AT_START_146
-at_fn_group_banner 146 'rhbz1855140.at:1' \
+#AT_STOP_146
+#AT_START_147
+at_fn_group_banner 147 'rhbz1855140.at:1' \
"rich rule icmptypes with one family" " " 5
at_xfail=no
(
- printf "%s\n" "146. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "147. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -155263,13 +155537,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_146
-#AT_START_147
-at_fn_group_banner 147 'rhbz1871298.at:1' \
+#AT_STOP_147
+#AT_START_148
+at_fn_group_banner 148 'rhbz1871298.at:1' \
"rich rule parsing bottleneck" " " 5
at_xfail=no
(
- printf "%s\n" "147. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "148. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -155739,13 +156013,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_147
-#AT_START_148
-at_fn_group_banner 148 'rhbz1596304.at:1' \
+#AT_STOP_148
+#AT_START_149
+at_fn_group_banner 149 'rhbz1596304.at:1' \
"rich rules strip non-printable characters" " " 5
at_xfail=no
(
- printf "%s\n" "148. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "149. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -156197,13 +156471,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_148
-#AT_START_149
-at_fn_group_banner 149 'gh703.at:1' \
+#AT_STOP_149
+#AT_START_150
+at_fn_group_banner 150 'gh703.at:1' \
"add source with mac address" " " 5
at_xfail=no
(
- printf "%s\n" "149. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "150. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -156623,13 +156897,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_149
-#AT_START_150
-at_fn_group_banner 150 'ipset_netmask_allowed.at:1' \
+#AT_STOP_150
+#AT_START_151
+at_fn_group_banner 151 'ipset_netmask_allowed.at:1' \
"ipset netmask allowed type hash:ip" " " 5
at_xfail=no
(
- printf "%s\n" "150. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "151. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -157200,13 +157474,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_150
-#AT_START_151
-at_fn_group_banner 151 'rhbz1940928.at:1' \
+#AT_STOP_151
+#AT_START_152
+at_fn_group_banner 152 'rhbz1940928.at:1' \
"direct -s/-d multiple addresses" " " 5
at_xfail=no
(
- printf "%s\n" "151. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "152. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -157916,13 +158190,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_151
-#AT_START_152
-at_fn_group_banner 152 'rhbz1936896.at:1' \
+#AT_STOP_152
+#AT_START_153
+at_fn_group_banner 153 'rhbz1936896.at:1' \
"ipset type hash:net,net" " " 5
at_xfail=no
(
- printf "%s\n" "152. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "153. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -158495,13 +158769,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_152
-#AT_START_153
-at_fn_group_banner 153 'gh795.at:1' \
+#AT_STOP_153
+#AT_START_154
+at_fn_group_banner 154 'gh795.at:1' \
"ipset entry delete w/ timeout=0" " " 5
at_xfail=no
(
- printf "%s\n" "153. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "154. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -159217,13 +159491,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_153
-#AT_START_154
-at_fn_group_banner 154 'rhbz1914935.at:1' \
+#AT_STOP_154
+#AT_START_155
+at_fn_group_banner 155 'rhbz1914935.at:1' \
"zone overlapping ports" " " 5
at_xfail=no
(
- printf "%s\n" "154. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "155. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -159875,13 +160149,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_154
-#AT_START_155
-at_fn_group_banner 155 'gh696.at:1' \
+#AT_STOP_155
+#AT_START_156
+at_fn_group_banner 156 'gh696.at:1' \
"icmp-block-inversion no log blocked" " " 5
at_xfail=no
(
- printf "%s\n" "155. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "156. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -160578,13 +160852,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_155
-#AT_START_156
-at_fn_group_banner 156 'rhbz1917766.at:1' \
+#AT_STOP_156
+#AT_START_157
+at_fn_group_banner 157 'rhbz1917766.at:1' \
"rich rule source with netmask" " " 5
at_xfail=no
(
- printf "%s\n" "156. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "157. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -161052,13 +161326,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_156
-#AT_START_157
-at_fn_group_banner 157 'rhbz2014383.at:1' \
+#AT_STOP_157
+#AT_START_158
+at_fn_group_banner 158 'rhbz2014383.at:1' \
"same source in two zone xml" " " 5
at_xfail=no
(
- printf "%s\n" "157. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "158. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -161517,13 +161791,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_157
-#AT_START_158
-at_fn_group_banner 158 'gh874.at:1' \
+#AT_STOP_158
+#AT_START_159
+at_fn_group_banner 159 'gh874.at:1' \
"policy masquerade w/ ingress interface" " " 5
at_xfail=no
(
- printf "%s\n" "158. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "159. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -162080,13 +162354,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_158
-#AT_START_159
-at_fn_group_banner 159 'gh881.at:1' \
+#AT_STOP_159
+#AT_START_160
+at_fn_group_banner 160 'gh881.at:1' \
"ipset entry overlap detect perf" " " 5
at_xfail=no
(
- printf "%s\n" "159. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "160. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -162652,13 +162926,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_159
-#AT_START_160
-at_fn_group_banner 160 'service_includes_for_builtin.at:1' \
+#AT_STOP_160
+#AT_START_161
+at_fn_group_banner 161 'service_includes_for_builtin.at:1' \
"service include for built-in" " " 5
at_xfail=no
(
- printf "%s\n" "160. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "161. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -163234,13 +163508,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_160
-#AT_START_161
-at_fn_group_banner 161 'gh940.at:1' \
+#AT_STOP_161
+#AT_START_162
+at_fn_group_banner 162 'gh940.at:1' \
"log prefix" " " 5
at_xfail=no
(
- printf "%s\n" "161. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "162. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -163916,13 +164190,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_161
-#AT_START_162
-at_fn_group_banner 162 'build_policy_split_wildcard.at:1' \
+#AT_STOP_162
+#AT_START_163
+at_fn_group_banner 163 'build_policy_split_wildcard.at:1' \
"build policy split wildcards" " " 5
at_xfail=no
(
- printf "%s\n" "162. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "163. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -164905,13 +165179,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_162
-#AT_START_163
-at_fn_group_banner 163 'gh1011.at:1' \
+#AT_STOP_163
+#AT_START_164
+at_fn_group_banner 164 'gh1011.at:1' \
"remove entries results in empty" " " 5
at_xfail=no
(
- printf "%s\n" "163. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "164. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -165408,13 +165682,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_163
-#AT_START_164
-at_fn_group_banner 164 'rhbz2181406.at:1' \
+#AT_STOP_164
+#AT_START_165
+at_fn_group_banner 165 'rhbz2181406.at:1' \
"rich rule limit" " " 5
at_xfail=no
(
- printf "%s\n" "164. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "165. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -165938,13 +166212,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_164
-#AT_START_165
-at_fn_group_banner 165 'ipset_scale.at:1' \
+#AT_STOP_165
+#AT_START_166
+at_fn_group_banner 166 'ipset_scale.at:1' \
"ipset scale" " " 5
at_xfail=no
(
- printf "%s\n" "165. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "166. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -166430,13 +166704,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_165
-#AT_START_166
-at_fn_group_banner 166 'gh1129.at:1' \
+#AT_STOP_166
+#AT_START_167
+at_fn_group_banner 167 'gh1129.at:1' \
"switch backend to iptables and reload" " " 5
at_xfail=no
(
- printf "%s\n" "166. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "167. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -166880,13 +167154,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_166
-#AT_START_167
-at_fn_group_banner 167 'gh1146.at:1' \
+#AT_STOP_167
+#AT_START_168
+at_fn_group_banner 168 'gh1146.at:1' \
"policy with mixed family zone source" " " 5
at_xfail=no
(
- printf "%s\n" "167. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "168. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -167600,13 +167874,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_167
-#AT_START_168
-at_fn_group_banner 168 'gh1152.at:1' \
+#AT_STOP_168
+#AT_START_169
+at_fn_group_banner 169 'gh1152.at:1' \
"list-all identical content" " " 5
at_xfail=no
(
- printf "%s\n" "168. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "169. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -168755,13 +169029,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_168
-#AT_START_169
-at_fn_group_banner 169 'rhbz2222044.at:1' \
+#AT_STOP_169
+#AT_START_170
+at_fn_group_banner 170 'rhbz2222044.at:1' \
"duplicate rules after restart" " " 5
at_xfail=no
(
- printf "%s\n" "169. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "170. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -169612,13 +169886,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_169
-#AT_START_170
-at_fn_group_banner 170 'gh1229.at:1' \
+#AT_STOP_170
+#AT_START_171
+at_fn_group_banner 171 'gh1229.at:1' \
"policy dispatch with egress-zone=ANY" " " 5
at_xfail=no
(
- printf "%s\n" "170. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "171. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -170355,13 +170629,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_170
-#AT_START_171
-at_fn_group_banner 171 'gh1278.at:1' \
+#AT_STOP_171
+#AT_START_172
+at_fn_group_banner 172 'gh1278.at:1' \
"policy dispatch update if active" " " 5
at_xfail=no
(
- printf "%s\n" "171. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "172. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -171225,13 +171499,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_171
-#AT_START_172
-at_fn_group_banner 172 'gh1406.at:1' \
+#AT_STOP_172
+#AT_START_173
+at_fn_group_banner 173 'gh1406.at:1' \
"ipset iface" " " 5
at_xfail=no
(
- printf "%s\n" "172. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "173. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -171836,13 +172110,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_172
-#AT_START_173
-at_fn_group_banner 173 'python.at:3' \
- "firewalld_misc.py" " " 6
+#AT_STOP_173
+#AT_START_174
+at_fn_group_banner 174 'RHEL-67103.at:1' \
+ "rich rule invalid ipset" " " 5
at_xfail=no
(
- printf "%s\n" "173. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "174. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -171877,29 +172151,29 @@ at_xfail=no
if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then
{ set +x
-printf "%s\n" "$at_srcdir/python.at:3: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi"
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:3"
+printf "%s\n" "$at_srcdir/RHEL-67103.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi"
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "RHEL-67103.at:1"
( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:3"
+at_fn_check_status 0 $at_status "$at_srcdir/RHEL-67103.at:1"
$at_failed && at_fn_log_failure
$at_traceon; }
else
{ set +x
-printf "%s\n" "$at_srcdir/python.at:3: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi"
-at_fn_check_prepare_trace "python.at:3"
+printf "%s\n" "$at_srcdir/RHEL-67103.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi"
+at_fn_check_prepare_trace "RHEL-67103.at:1"
( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:3"
+at_fn_check_status 0 $at_status "$at_srcdir/RHEL-67103.at:1"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -171907,15 +172181,15 @@ $at_traceon; }
{ set +x
-printf "%s\n" "$at_srcdir/python.at:3: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf"
-at_fn_check_prepare_trace "python.at:3"
+printf "%s\n" "$at_srcdir/RHEL-67103.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf"
+at_fn_check_prepare_trace "RHEL-67103.at:1"
( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:3"
+at_fn_check_status 0 $at_status "$at_srcdir/RHEL-67103.at:1"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -171971,15 +172245,15 @@ $at_traceon; }
echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late
{ set +x
-printf "%s\n" "$at_srcdir/python.at:3: ip netns add fwd-test-\${at_group_normalized}"
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:3"
+printf "%s\n" "$at_srcdir/RHEL-67103.at:1: ip netns add fwd-test-\${at_group_normalized}"
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "RHEL-67103.at:1"
( $at_check_trace; ip netns add fwd-test-${at_group_normalized}
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:3"
+at_fn_check_status 0 $at_status "$at_srcdir/RHEL-67103.at:1"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -172062,8 +172336,8 @@ _ATEOF
DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" `
if test $? -ne 0; then
- printf "%s\n" "python.at:3" >"$at_check_line_file"
-at_fn_check_skip 99 "$at_srcdir/python.at:3"
+ printf "%s\n" "RHEL-67103.at:1" >"$at_check_line_file"
+at_fn_check_skip 99 "$at_srcdir/RHEL-67103.at:1"
fi
echo "kill $DBUS_PID" >> ./cleanup_late
@@ -172081,15 +172355,15 @@ _ATEOF
{ set +x
-printf "%s\n" "$at_srcdir/python.at:3: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft "
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:3"
+printf "%s\n" "$at_srcdir/RHEL-67103.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "RHEL-67103.at:1"
( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:3"
+at_fn_check_status 0 $at_status "$at_srcdir/RHEL-67103.at:1"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -172102,15 +172376,15 @@ $at_traceon; }
:
{ set +x
-printf "%s\n" "$at_srcdir/python.at:3: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf"
-at_fn_check_prepare_trace "python.at:3"
+printf "%s\n" "$at_srcdir/RHEL-67103.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf"
+at_fn_check_prepare_trace "RHEL-67103.at:1"
( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:3"
+at_fn_check_status 0 $at_status "$at_srcdir/RHEL-67103.at:1"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -172119,30 +172393,30 @@ $at_traceon; }
{ set +x
-printf "%s\n" "$at_srcdir/python.at:3: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft "
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:3"
+printf "%s\n" "$at_srcdir/RHEL-67103.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "RHEL-67103.at:1"
( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:3"
+at_fn_check_status 0 $at_status "$at_srcdir/RHEL-67103.at:1"
$at_failed && at_fn_log_failure
$at_traceon; }
{ set +x
-printf "%s\n" "$at_srcdir/python.at:3: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index "
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:3"
+printf "%s\n" "$at_srcdir/RHEL-67103.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "RHEL-67103.at:1"
( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:3"
+at_fn_check_status 0 $at_status "$at_srcdir/RHEL-67103.at:1"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -172159,8 +172433,8 @@ $at_traceon; }
env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS &
if test $? -ne 0; then
- printf "%s\n" "python.at:3" >"$at_check_line_file"
-at_fn_check_skip 99 "$at_srcdir/python.at:3"
+ printf "%s\n" "RHEL-67103.at:1" >"$at_check_line_file"
+at_fn_check_skip 99 "$at_srcdir/RHEL-67103.at:1"
fi
echo "$!" > firewalld.pid
@@ -172176,34 +172450,252 @@ at_fn_check_skip 99 "$at_srcdir/python.at:3"
fi
sleep 1
done
- printf "%s\n" "python.at:3" >"$at_check_line_file"
+ printf "%s\n" "RHEL-67103.at:1" >"$at_check_line_file"
(test $up -ne 1) \
- && at_fn_check_skip 99 "$at_srcdir/python.at:3"
+ && at_fn_check_skip 99 "$at_srcdir/RHEL-67103.at:1"
+
+
+
{ set +x
-printf "%s\n" "$at_srcdir/python.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} \$PYTHON \$(dirname \${at_myself})/python/firewalld_misc.py "
-at_fn_check_prepare_notrace 'a $(...) command substitution' "python.at:5"
-( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} $PYTHON $(dirname ${at_myself})/python/firewalld_misc.py
+printf "%s\n" "$at_srcdir/RHEL-67103.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset thisexists --type=hash:net "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "RHEL-67103.at:5"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset thisexists --type=hash:net
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+echo stdout:; cat "$at_stdout"
+at_fn_check_status 0 $at_status "$at_srcdir/RHEL-67103.at:5"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/RHEL-67103.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule=\"rule family=ipv4 source ipset=thisexists accept\" "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "RHEL-67103.at:6"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source ipset=thisexists accept"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+echo stdout:; cat "$at_stdout"
+at_fn_check_status 0 $at_status "$at_srcdir/RHEL-67103.at:6"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/RHEL-67103.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule=\"rule family=ipv4 destination ipset=thisexists accept\" "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "RHEL-67103.at:7"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule="rule family=ipv4 destination ipset=thisexists accept"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+echo stdout:; cat "$at_stdout"
+at_fn_check_status 0 $at_status "$at_srcdir/RHEL-67103.at:7"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/RHEL-67103.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "RHEL-67103.at:8"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/RHEL-67103.at:8"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/RHEL-67103.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "RHEL-67103.at:8"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/RHEL-67103.at:8"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/RHEL-67103.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule=\"rule family=ipv4 source ipset=doesnotexist accept\" "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "RHEL-67103.at:11"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule="rule family=ipv4 source ipset=doesnotexist accept"
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; cat "$at_stderr"
echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:5"
+at_fn_check_status 135 $at_status "$at_srcdir/RHEL-67103.at:11"
$at_failed && at_fn_log_failure
$at_traceon; }
- if test x"ignore" != x"ignore"; then
- printf "%s\n" "python.at:6" >"$at_check_line_file"
-(cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed ignore | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \
- && at_fn_check_skip 99 "$at_srcdir/python.at:6"
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/RHEL-67103.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule=\"rule family=ipv4 source ipset=doesnotexist accept\" "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "RHEL-67103.at:12"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source ipset=doesnotexist accept"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+echo stderr:; cat "$at_stderr"
+echo stdout:; cat "$at_stdout"
+at_fn_check_status 135 $at_status "$at_srcdir/RHEL-67103.at:12"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/RHEL-67103.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule=\"rule family=ipv4 destination ipset=doesnotexist accept\" "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "RHEL-67103.at:13"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule="rule family=ipv4 destination ipset=doesnotexist accept"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+echo stderr:; cat "$at_stderr"
+echo stdout:; cat "$at_stdout"
+at_fn_check_status 135 $at_status "$at_srcdir/RHEL-67103.at:13"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/RHEL-67103.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule=\"rule family=ipv4 destination ipset=doesnotexist accept\" "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "RHEL-67103.at:14"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule="rule family=ipv4 destination ipset=doesnotexist accept"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+echo stderr:; cat "$at_stderr"
+echo stdout:; cat "$at_stdout"
+at_fn_check_status 135 $at_status "$at_srcdir/RHEL-67103.at:14"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+cat >./zones/broken.xml <<'_ATEOF'
+<?xml version="1.0" encoding="utf-8"?>
+<zone>
+<short>broken</short>
+<rule family="ipv4">
+<source ipset="doesnotexist"/>
+<accept/>
+</rule>
+<rule family="ipv4">
+<destination ipset="doesnotexist"/>
+<accept/>
+</rule>
+<forward/>
+</zone>
+_ATEOF
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/RHEL-67103.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "RHEL-67103.at:32"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+echo stderr:; cat "$at_stderr"
+echo stdout:; cat "$at_stdout"
+at_fn_check_status 135 $at_status "$at_srcdir/RHEL-67103.at:32"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/RHEL-67103.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "RHEL-67103.at:32"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/RHEL-67103.at:32"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+
+ if test x"-e '/ERROR: INVALID_IPSET/d'" != x"ignore"; then
+ printf "%s\n" "RHEL-67103.at:34" >"$at_check_line_file"
+(cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_IPSET/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \
+ && at_fn_check_skip 99 "$at_srcdir/RHEL-67103.at:34"
fi
@@ -172212,13 +172704,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_173
-#AT_START_174
-at_fn_group_banner 174 'python.at:8' \
- "firewalld_config.py" " " 6
+#AT_STOP_174
+#AT_START_175
+at_fn_group_banner 175 'python.at:3' \
+ "firewalld_misc.py" " " 6
at_xfail=no
(
- printf "%s\n" "174. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "175. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -172253,29 +172745,29 @@ at_xfail=no
if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then
{ set +x
-printf "%s\n" "$at_srcdir/python.at:8: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi"
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:8"
+printf "%s\n" "$at_srcdir/python.at:3: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi"
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:3"
( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:8"
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:3"
$at_failed && at_fn_log_failure
$at_traceon; }
else
{ set +x
-printf "%s\n" "$at_srcdir/python.at:8: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi"
-at_fn_check_prepare_trace "python.at:8"
+printf "%s\n" "$at_srcdir/python.at:3: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi"
+at_fn_check_prepare_trace "python.at:3"
( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:8"
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:3"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -172283,15 +172775,15 @@ $at_traceon; }
{ set +x
-printf "%s\n" "$at_srcdir/python.at:8: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf"
-at_fn_check_prepare_trace "python.at:8"
+printf "%s\n" "$at_srcdir/python.at:3: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf"
+at_fn_check_prepare_trace "python.at:3"
( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:8"
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:3"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -172347,15 +172839,15 @@ $at_traceon; }
echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late
{ set +x
-printf "%s\n" "$at_srcdir/python.at:8: ip netns add fwd-test-\${at_group_normalized}"
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:8"
+printf "%s\n" "$at_srcdir/python.at:3: ip netns add fwd-test-\${at_group_normalized}"
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:3"
( $at_check_trace; ip netns add fwd-test-${at_group_normalized}
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:8"
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:3"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -172438,8 +172930,8 @@ _ATEOF
DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" `
if test $? -ne 0; then
- printf "%s\n" "python.at:8" >"$at_check_line_file"
-at_fn_check_skip 99 "$at_srcdir/python.at:8"
+ printf "%s\n" "python.at:3" >"$at_check_line_file"
+at_fn_check_skip 99 "$at_srcdir/python.at:3"
fi
echo "kill $DBUS_PID" >> ./cleanup_late
@@ -172457,15 +172949,15 @@ _ATEOF
{ set +x
-printf "%s\n" "$at_srcdir/python.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft "
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:8"
+printf "%s\n" "$at_srcdir/python.at:3: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:3"
( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:8"
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:3"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -172478,15 +172970,15 @@ $at_traceon; }
:
{ set +x
-printf "%s\n" "$at_srcdir/python.at:8: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf"
-at_fn_check_prepare_trace "python.at:8"
+printf "%s\n" "$at_srcdir/python.at:3: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf"
+at_fn_check_prepare_trace "python.at:3"
( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:8"
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:3"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -172495,30 +172987,30 @@ $at_traceon; }
{ set +x
-printf "%s\n" "$at_srcdir/python.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft "
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:8"
+printf "%s\n" "$at_srcdir/python.at:3: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:3"
( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:8"
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:3"
$at_failed && at_fn_log_failure
$at_traceon; }
{ set +x
-printf "%s\n" "$at_srcdir/python.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index "
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:8"
+printf "%s\n" "$at_srcdir/python.at:3: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:3"
( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:8"
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:3"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -172535,8 +173027,8 @@ $at_traceon; }
env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS &
if test $? -ne 0; then
- printf "%s\n" "python.at:8" >"$at_check_line_file"
-at_fn_check_skip 99 "$at_srcdir/python.at:8"
+ printf "%s\n" "python.at:3" >"$at_check_line_file"
+at_fn_check_skip 99 "$at_srcdir/python.at:3"
fi
echo "$!" > firewalld.pid
@@ -172552,24 +173044,24 @@ at_fn_check_skip 99 "$at_srcdir/python.at:8"
fi
sleep 1
done
- printf "%s\n" "python.at:8" >"$at_check_line_file"
+ printf "%s\n" "python.at:3" >"$at_check_line_file"
(test $up -ne 1) \
- && at_fn_check_skip 99 "$at_srcdir/python.at:8"
+ && at_fn_check_skip 99 "$at_srcdir/python.at:3"
{ set +x
-printf "%s\n" "$at_srcdir/python.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} \$PYTHON \$(dirname \${at_myself})/python/firewalld_config.py "
-at_fn_check_prepare_notrace 'a $(...) command substitution' "python.at:10"
-( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} $PYTHON $(dirname ${at_myself})/python/firewalld_config.py
+printf "%s\n" "$at_srcdir/python.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} \$PYTHON \$(dirname \${at_myself})/python/firewalld_misc.py "
+at_fn_check_prepare_notrace 'a $(...) command substitution' "python.at:5"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} $PYTHON $(dirname ${at_myself})/python/firewalld_misc.py
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; cat "$at_stderr"
echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:10"
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:5"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -172577,9 +173069,9 @@ $at_traceon; }
if test x"ignore" != x"ignore"; then
- printf "%s\n" "python.at:11" >"$at_check_line_file"
+ printf "%s\n" "python.at:6" >"$at_check_line_file"
(cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed ignore | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \
- && at_fn_check_skip 99 "$at_srcdir/python.at:11"
+ && at_fn_check_skip 99 "$at_srcdir/python.at:6"
fi
@@ -172588,13 +173080,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_174
-#AT_START_175
-at_fn_group_banner 175 'python.at:13' \
- "firewalld_rich.py" " " 6
+#AT_STOP_175
+#AT_START_176
+at_fn_group_banner 176 'python.at:8' \
+ "firewalld_config.py" " " 6
at_xfail=no
(
- printf "%s\n" "175. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "176. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -172629,29 +173121,29 @@ at_xfail=no
if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then
{ set +x
-printf "%s\n" "$at_srcdir/python.at:13: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi"
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:13"
+printf "%s\n" "$at_srcdir/python.at:8: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi"
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:8"
( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:13"
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:8"
$at_failed && at_fn_log_failure
$at_traceon; }
else
{ set +x
-printf "%s\n" "$at_srcdir/python.at:13: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi"
-at_fn_check_prepare_trace "python.at:13"
+printf "%s\n" "$at_srcdir/python.at:8: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi"
+at_fn_check_prepare_trace "python.at:8"
( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:13"
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:8"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -172659,15 +173151,15 @@ $at_traceon; }
{ set +x
-printf "%s\n" "$at_srcdir/python.at:13: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf"
-at_fn_check_prepare_trace "python.at:13"
+printf "%s\n" "$at_srcdir/python.at:8: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf"
+at_fn_check_prepare_trace "python.at:8"
( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:13"
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:8"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -172723,15 +173215,15 @@ $at_traceon; }
echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late
{ set +x
-printf "%s\n" "$at_srcdir/python.at:13: ip netns add fwd-test-\${at_group_normalized}"
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:13"
+printf "%s\n" "$at_srcdir/python.at:8: ip netns add fwd-test-\${at_group_normalized}"
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:8"
( $at_check_trace; ip netns add fwd-test-${at_group_normalized}
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:13"
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:8"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -172814,8 +173306,8 @@ _ATEOF
DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" `
if test $? -ne 0; then
- printf "%s\n" "python.at:13" >"$at_check_line_file"
-at_fn_check_skip 99 "$at_srcdir/python.at:13"
+ printf "%s\n" "python.at:8" >"$at_check_line_file"
+at_fn_check_skip 99 "$at_srcdir/python.at:8"
fi
echo "kill $DBUS_PID" >> ./cleanup_late
@@ -172833,15 +173325,15 @@ _ATEOF
{ set +x
-printf "%s\n" "$at_srcdir/python.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft "
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:13"
+printf "%s\n" "$at_srcdir/python.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:8"
( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:13"
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:8"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -172854,15 +173346,15 @@ $at_traceon; }
:
{ set +x
-printf "%s\n" "$at_srcdir/python.at:13: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf"
-at_fn_check_prepare_trace "python.at:13"
+printf "%s\n" "$at_srcdir/python.at:8: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf"
+at_fn_check_prepare_trace "python.at:8"
( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:13"
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:8"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -172871,30 +173363,30 @@ $at_traceon; }
{ set +x
-printf "%s\n" "$at_srcdir/python.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft "
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:13"
+printf "%s\n" "$at_srcdir/python.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:8"
( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:13"
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:8"
$at_failed && at_fn_log_failure
$at_traceon; }
{ set +x
-printf "%s\n" "$at_srcdir/python.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index "
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:13"
+printf "%s\n" "$at_srcdir/python.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:8"
( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:13"
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:8"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -172911,8 +173403,8 @@ $at_traceon; }
env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS &
if test $? -ne 0; then
- printf "%s\n" "python.at:13" >"$at_check_line_file"
-at_fn_check_skip 99 "$at_srcdir/python.at:13"
+ printf "%s\n" "python.at:8" >"$at_check_line_file"
+at_fn_check_skip 99 "$at_srcdir/python.at:8"
fi
echo "$!" > firewalld.pid
@@ -172928,24 +173420,24 @@ at_fn_check_skip 99 "$at_srcdir/python.at:13"
fi
sleep 1
done
- printf "%s\n" "python.at:13" >"$at_check_line_file"
+ printf "%s\n" "python.at:8" >"$at_check_line_file"
(test $up -ne 1) \
- && at_fn_check_skip 99 "$at_srcdir/python.at:13"
+ && at_fn_check_skip 99 "$at_srcdir/python.at:8"
{ set +x
-printf "%s\n" "$at_srcdir/python.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} \$PYTHON \$(dirname \${at_myself})/python/firewalld_rich.py "
-at_fn_check_prepare_notrace 'a $(...) command substitution' "python.at:15"
-( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} $PYTHON $(dirname ${at_myself})/python/firewalld_rich.py
+printf "%s\n" "$at_srcdir/python.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} \$PYTHON \$(dirname \${at_myself})/python/firewalld_config.py "
+at_fn_check_prepare_notrace 'a $(...) command substitution' "python.at:10"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} $PYTHON $(dirname ${at_myself})/python/firewalld_config.py
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; cat "$at_stderr"
echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:15"
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:10"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -172953,9 +173445,9 @@ $at_traceon; }
if test x"ignore" != x"ignore"; then
- printf "%s\n" "python.at:16" >"$at_check_line_file"
+ printf "%s\n" "python.at:11" >"$at_check_line_file"
(cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed ignore | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \
- && at_fn_check_skip 99 "$at_srcdir/python.at:16"
+ && at_fn_check_skip 99 "$at_srcdir/python.at:11"
fi
@@ -172964,13 +173456,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_175
-#AT_START_176
-at_fn_group_banner 176 'python.at:18' \
- "firewalld_direct.py" " " 6
+#AT_STOP_176
+#AT_START_177
+at_fn_group_banner 177 'python.at:13' \
+ "firewalld_rich.py" " " 6
at_xfail=no
(
- printf "%s\n" "176. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "177. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -173005,29 +173497,29 @@ at_xfail=no
if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then
{ set +x
-printf "%s\n" "$at_srcdir/python.at:18: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi"
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:18"
+printf "%s\n" "$at_srcdir/python.at:13: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi"
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:13"
( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:18"
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:13"
$at_failed && at_fn_log_failure
$at_traceon; }
else
{ set +x
-printf "%s\n" "$at_srcdir/python.at:18: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi"
-at_fn_check_prepare_trace "python.at:18"
+printf "%s\n" "$at_srcdir/python.at:13: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi"
+at_fn_check_prepare_trace "python.at:13"
( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:18"
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:13"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -173035,15 +173527,15 @@ $at_traceon; }
{ set +x
-printf "%s\n" "$at_srcdir/python.at:18: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf"
-at_fn_check_prepare_trace "python.at:18"
+printf "%s\n" "$at_srcdir/python.at:13: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf"
+at_fn_check_prepare_trace "python.at:13"
( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:18"
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:13"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -173099,15 +173591,15 @@ $at_traceon; }
echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late
{ set +x
-printf "%s\n" "$at_srcdir/python.at:18: ip netns add fwd-test-\${at_group_normalized}"
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:18"
+printf "%s\n" "$at_srcdir/python.at:13: ip netns add fwd-test-\${at_group_normalized}"
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:13"
( $at_check_trace; ip netns add fwd-test-${at_group_normalized}
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:18"
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:13"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -173190,8 +173682,8 @@ _ATEOF
DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" `
if test $? -ne 0; then
- printf "%s\n" "python.at:18" >"$at_check_line_file"
-at_fn_check_skip 99 "$at_srcdir/python.at:18"
+ printf "%s\n" "python.at:13" >"$at_check_line_file"
+at_fn_check_skip 99 "$at_srcdir/python.at:13"
fi
echo "kill $DBUS_PID" >> ./cleanup_late
@@ -173209,15 +173701,15 @@ _ATEOF
{ set +x
-printf "%s\n" "$at_srcdir/python.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft "
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:18"
+printf "%s\n" "$at_srcdir/python.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:13"
( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:18"
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:13"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -173230,15 +173722,15 @@ $at_traceon; }
:
{ set +x
-printf "%s\n" "$at_srcdir/python.at:18: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf"
-at_fn_check_prepare_trace "python.at:18"
+printf "%s\n" "$at_srcdir/python.at:13: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf"
+at_fn_check_prepare_trace "python.at:13"
( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:18"
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:13"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -173247,30 +173739,30 @@ $at_traceon; }
{ set +x
-printf "%s\n" "$at_srcdir/python.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft "
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:18"
+printf "%s\n" "$at_srcdir/python.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:13"
( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:18"
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:13"
$at_failed && at_fn_log_failure
$at_traceon; }
{ set +x
-printf "%s\n" "$at_srcdir/python.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index "
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:18"
+printf "%s\n" "$at_srcdir/python.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:13"
( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:18"
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:13"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -173287,8 +173779,8 @@ $at_traceon; }
env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS &
if test $? -ne 0; then
- printf "%s\n" "python.at:18" >"$at_check_line_file"
-at_fn_check_skip 99 "$at_srcdir/python.at:18"
+ printf "%s\n" "python.at:13" >"$at_check_line_file"
+at_fn_check_skip 99 "$at_srcdir/python.at:13"
fi
echo "$!" > firewalld.pid
@@ -173304,31 +173796,24 @@ at_fn_check_skip 99 "$at_srcdir/python.at:18"
fi
sleep 1
done
- printf "%s\n" "python.at:18" >"$at_check_line_file"
+ printf "%s\n" "python.at:13" >"$at_check_line_file"
(test $up -ne 1) \
- && at_fn_check_skip 99 "$at_srcdir/python.at:18"
-
-
-
-
+ && at_fn_check_skip 99 "$at_srcdir/python.at:13"
- printf "%s\n" "python.at:20" >"$at_check_line_file"
-(! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \
- && at_fn_check_skip 77 "$at_srcdir/python.at:20"
{ set +x
-printf "%s\n" "$at_srcdir/python.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} \$PYTHON \$(dirname \${at_myself})/python/firewalld_direct.py "
-at_fn_check_prepare_notrace 'a $(...) command substitution' "python.at:21"
-( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} $PYTHON $(dirname ${at_myself})/python/firewalld_direct.py
+printf "%s\n" "$at_srcdir/python.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} \$PYTHON \$(dirname \${at_myself})/python/firewalld_rich.py "
+at_fn_check_prepare_notrace 'a $(...) command substitution' "python.at:15"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} $PYTHON $(dirname ${at_myself})/python/firewalld_rich.py
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; cat "$at_stderr"
echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/python.at:21"
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:15"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -173336,9 +173821,9 @@ $at_traceon; }
if test x"ignore" != x"ignore"; then
- printf "%s\n" "python.at:22" >"$at_check_line_file"
+ printf "%s\n" "python.at:16" >"$at_check_line_file"
(cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed ignore | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \
- && at_fn_check_skip 99 "$at_srcdir/python.at:22"
+ && at_fn_check_skip 99 "$at_srcdir/python.at:16"
fi
@@ -173347,13 +173832,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_176
-#AT_START_177
-at_fn_group_banner 177 'rfc3964_ipv4.at:1' \
- "RFC3964_IPv4" " " 7
+#AT_STOP_177
+#AT_START_178
+at_fn_group_banner 178 'python.at:18' \
+ "firewalld_direct.py" " " 6
at_xfail=no
(
- printf "%s\n" "177. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "178. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -173388,29 +173873,29 @@ at_xfail=no
if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then
{ set +x
-printf "%s\n" "$at_srcdir/rfc3964_ipv4.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi"
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rfc3964_ipv4.at:1"
+printf "%s\n" "$at_srcdir/python.at:18: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi"
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:18"
( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:1"
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:18"
$at_failed && at_fn_log_failure
$at_traceon; }
else
{ set +x
-printf "%s\n" "$at_srcdir/rfc3964_ipv4.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi"
-at_fn_check_prepare_trace "rfc3964_ipv4.at:1"
+printf "%s\n" "$at_srcdir/python.at:18: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi"
+at_fn_check_prepare_trace "python.at:18"
( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:1"
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:18"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -173418,15 +173903,398 @@ $at_traceon; }
{ set +x
-printf "%s\n" "$at_srcdir/rfc3964_ipv4.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf"
-at_fn_check_prepare_trace "rfc3964_ipv4.at:1"
+printf "%s\n" "$at_srcdir/python.at:18: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf"
+at_fn_check_prepare_trace "python.at:18"
( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:1"
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:18"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+ KERNEL_MAJOR=`uname -r | cut -d. -f1`
+ KERNEL_MINOR=`uname -r | cut -d. -f2`
+ if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then
+ :
+
+ else
+ :
+
+ sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf
+
+ fi
+
+
+
+ kill_firewalld() {
+
+ pid=$(cat firewalld.pid)
+ kill $pid
+ for I in 1 2 3 4 5 6 7 8 9 0; do
+ ps --pid $pid >/dev/null || { pid=0; break; }
+ sleep 1
+ done
+ test $pid -eq 0 || { kill -9 $pid; sleep 3; }
+
+ }
+ kill_networkmanager() {
+ if test -f networkmanager.pid; then
+
+ pid=$(cat networkmanager.pid)
+ kill $pid
+ for I in 1 2 3 4 5 6 7 8 9 0; do
+ ps --pid $pid >/dev/null || { pid=0; break; }
+ sleep 1
+ done
+ test $pid -eq 0 || { kill -9 $pid; sleep 3; }
+
+ fi
+ }
+
+ echo "" > cleanup
+ echo "" > cleanup_late
+ trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT
+
+
+
+
+
+ echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late
+ { set +x
+printf "%s\n" "$at_srcdir/python.at:18: ip netns add fwd-test-\${at_group_normalized}"
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:18"
+( $at_check_trace; ip netns add fwd-test-${at_group_normalized}
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:18"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+ cat >./dbus.conf <<'_ATEOF'
+
+ <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+ <busconfig>
+ <fork />
+ <auth>EXTERNAL</auth>
+ <listen>unix:path=/tmp/dummy</listen>
+ <policy context="default">
+ <allow user="*"/>
+ <allow send_type="signal"/>
+ <allow send_requested_reply="true" send_type="method_return"/>
+ <allow send_requested_reply="true" send_type="error"/>
+ <allow receive_type="method_call"/>
+ <allow receive_type="method_return"/>
+ <allow receive_type="error"/>
+ <allow receive_type="signal"/>
+ <allow send_destination="org.freedesktop.DBus"/>
+ </policy>
+ <!-- from .../config/FirewallD.conf -->
+ <policy user="root">
+ <allow own="org.fedoraproject.FirewallD1"/>
+ <allow own="org.fedoraproject.FirewallD1.config"/>
+ <allow send_destination="org.fedoraproject.FirewallD1"/>
+ <allow send_destination="org.fedoraproject.FirewallD1.config"/>
+ </policy>
+ <policy context="default">
+ <allow send_destination="org.fedoraproject.FirewallD1"/>
+ <allow send_destination="org.fedoraproject.FirewallD1"
+ send_interface="org.freedesktop.DBus.Introspectable"/>
+ <allow send_destination="org.fedoraproject.FirewallD1"
+ send_interface="org.freedesktop.DBus.Properties"/>
+ <allow send_destination="org.fedoraproject.FirewallD1.config"/>
+ </policy>
+
+ <!-- from org.freedesktop.NetworkManager.conf -->
+ <policy user="root">
+ <allow own="org.freedesktop.NetworkManager"/>
+ <allow send_destination="org.freedesktop.NetworkManager"/>
+
+ <allow send_destination="org.freedesktop.NetworkManager"
+ send_interface="org.freedesktop.NetworkManager.PPP"/>
+
+ <allow send_interface="org.freedesktop.NetworkManager.SecretAgent"/>
+ <!-- These are there because some broken policies do
+ <deny send_interface="..." /> (see dbus-daemon(8) for details).
+ This seems to override that for the known VPN plugins.
+ -->
+ <allow send_destination="org.freedesktop.NetworkManager.openconnect"/>
+ <allow send_destination="org.freedesktop.NetworkManager.openswan"/>
+ <allow send_destination="org.freedesktop.NetworkManager.openvpn"/>
+ <allow send_destination="org.freedesktop.NetworkManager.pptp"/>
+ <allow send_destination="org.freedesktop.NetworkManager.vpnc"/>
+ <allow send_destination="org.freedesktop.NetworkManager.ssh"/>
+ <allow send_destination="org.freedesktop.NetworkManager.iodine"/>
+ <allow send_destination="org.freedesktop.NetworkManager.l2tp"/>
+ <allow send_destination="org.freedesktop.NetworkManager.libreswan"/>
+ <allow send_destination="org.freedesktop.NetworkManager.fortisslvpn"/>
+ <allow send_destination="org.freedesktop.NetworkManager.strongswan"/>
+ <allow send_interface="org.freedesktop.NetworkManager.VPN.Plugin"/>
+
+ <allow send_destination="org.fedoraproject.FirewallD1"/>
+
+ <!-- Allow the custom name for the dnsmasq instance spawned by NM
+ from the dns dnsmasq plugin to own it's dbus name, and for
+ messages to be sent to it.
+ -->
+ <allow own="org.freedesktop.NetworkManager.dnsmasq"/>
+ <allow send_destination="org.freedesktop.NetworkManager.dnsmasq"/>
+ </policy>
+ </busconfig>
+_ATEOF
+
+
+ DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" `
+ if test $? -ne 0; then
+ printf "%s\n" "python.at:18" >"$at_check_line_file"
+at_fn_check_skip 99 "$at_srcdir/python.at:18"
+ fi
+ echo "kill $DBUS_PID" >> ./cleanup_late
+
+
+
+
+ cat >./nft_rule_index.nft <<'_ATEOF'
+
+ add table inet firewalld_check_rule_index
+ add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; }
+ add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept
+ add rule inet firewalld_check_rule_index foobar accept
+ insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept
+_ATEOF
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/python.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:18"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:18"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+ if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then
+ :
+
+ else
+ :
+
+ { set +x
+printf "%s\n" "$at_srcdir/python.at:18: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf"
+at_fn_check_prepare_trace "python.at:18"
+( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:18"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+ fi
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/python.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:18"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:18"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/python.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:18"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:18"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+ FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --log-target file --system-config ./"
+ ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}"
+ if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then
+ FIREWALLD_ARGS="${FIREWALLD_ARGS} --default-config ${FIREWALLD_DEFAULT_CONFIG}"
+ fi
+
+ env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS &
+ if test $? -ne 0; then
+ printf "%s\n" "python.at:18" >"$at_check_line_file"
+at_fn_check_skip 99 "$at_srcdir/python.at:18"
+ fi
+ echo "$!" > firewalld.pid
+
+ WANTED_CODE=""
+ up=0
+ for I in $(seq 60); do
+ env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state
+ RC=$?
+ echo "exit code = ${RC}"
+ if test ${RC} -eq ${WANTED_CODE:-0}; then
+ up=1
+ break
+ fi
+ sleep 1
+ done
+ printf "%s\n" "python.at:18" >"$at_check_line_file"
+(test $up -ne 1) \
+ && at_fn_check_skip 99 "$at_srcdir/python.at:18"
+
+
+
+
+
+
+ printf "%s\n" "python.at:20" >"$at_check_line_file"
+(! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \
+ && at_fn_check_skip 77 "$at_srcdir/python.at:20"
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/python.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} \$PYTHON \$(dirname \${at_myself})/python/firewalld_direct.py "
+at_fn_check_prepare_notrace 'a $(...) command substitution' "python.at:21"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} $PYTHON $(dirname ${at_myself})/python/firewalld_direct.py
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+echo stderr:; cat "$at_stderr"
+echo stdout:; cat "$at_stdout"
+at_fn_check_status 0 $at_status "$at_srcdir/python.at:21"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+ if test x"ignore" != x"ignore"; then
+ printf "%s\n" "python.at:22" >"$at_check_line_file"
+(cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed ignore | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \
+ && at_fn_check_skip 99 "$at_srcdir/python.at:22"
+ fi
+
+
+
+ set +x
+ $at_times_p && times >"$at_times_file"
+) 5>&1 2>&1 7>&- | eval $at_tee_pipe
+read at_status <"$at_status_file"
+#AT_STOP_178
+#AT_START_179
+at_fn_group_banner 179 'rfc3964_ipv4.at:1' \
+ "RFC3964_IPv4" " " 7
+at_xfail=no
+(
+ printf "%s\n" "179. $at_setup_line: testing $at_desc ..."
+ $at_traceon
+
+
+
+
+
+
+
+
+
+ test -z "$PYTHON" && export PYTHON="python3"
+ test -z "$EBTABLES" && export EBTABLES="ebtables"
+ test -z "$IPTABLES" && export IPTABLES="iptables"
+ test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore"
+ test -z "$IP6TABLES" && export IP6TABLES="ip6tables"
+ test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore"
+ test -z "$IPSET" && export IPSET="ipset"
+ test -z "$PODMAN" && export PODMAN="podman"
+
+ if locale -a |grep "^C.utf8" >/dev/null; then
+ LC_ALL="C.UTF-8"
+ export LC_ALL
+ fi
+
+ ULIMIT_VAL=""
+ if test -z "$ULIMIT_VAL" ; then
+ ULIMIT_VAL=102400
+ fi
+ if test "$ULIMIT_VAL" -ne 0 ; then
+ ulimit -d "$ULIMIT_VAL"
+ fi
+
+ if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then
+ { set +x
+printf "%s\n" "$at_srcdir/rfc3964_ipv4.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi"
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rfc3964_ipv4.at:1"
+( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:1"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+ else
+ { set +x
+printf "%s\n" "$at_srcdir/rfc3964_ipv4.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi"
+at_fn_check_prepare_trace "rfc3964_ipv4.at:1"
+( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:1"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+ fi
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rfc3964_ipv4.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf"
+at_fn_check_prepare_trace "rfc3964_ipv4.at:1"
+( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:1"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -174013,13 +174881,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_177
-#AT_START_178
-at_fn_group_banner 178 'service_include.at:1' \
+#AT_STOP_179
+#AT_START_180
+at_fn_group_banner 180 'service_include.at:1' \
"service include" " " 7
at_xfail=no
(
- printf "%s\n" "178. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "180. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -175140,13 +176008,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_178
-#AT_START_179
-at_fn_group_banner 179 'helpers_custom.at:1' \
+#AT_STOP_180
+#AT_START_181
+at_fn_group_banner 181 'helpers_custom.at:1' \
"customer helpers" " " 7
at_xfail=no
(
- printf "%s\n" "179. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "181. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -176200,13 +177068,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_179
-#AT_START_180
-at_fn_group_banner 180 'policy.at:5' \
+#AT_STOP_181
+#AT_START_182
+at_fn_group_banner 182 'policy.at:5' \
"policy - xml" " " 7
at_xfail=no
(
- printf "%s\n" "180. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "182. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -176696,13 +177564,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_180
-#AT_START_181
-at_fn_group_banner 181 'policy.at:79' \
+#AT_STOP_182
+#AT_START_183
+at_fn_group_banner 183 'policy.at:79' \
"policy - create" " " 7
at_xfail=no
(
- printf "%s\n" "181. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "183. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -177198,13 +178066,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_181
-#AT_START_182
-at_fn_group_banner 182 'policy.at:96' \
+#AT_STOP_183
+#AT_START_184
+at_fn_group_banner 184 'policy.at:96' \
"policy - name" " " 7
at_xfail=no
(
- printf "%s\n" "182. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "184. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -177638,13 +178506,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_182
-#AT_START_183
-at_fn_group_banner 183 'policy.at:109' \
+#AT_STOP_184
+#AT_START_185
+at_fn_group_banner 185 'policy.at:109' \
"policy - list" " " 7
at_xfail=no
(
- printf "%s\n" "183. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "185. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -178225,13 +179093,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_183
-#AT_START_184
-at_fn_group_banner 184 'policy.at:231' \
+#AT_STOP_185
+#AT_START_186
+at_fn_group_banner 186 'policy.at:231' \
"policy - options" " " 7
at_xfail=no
(
- printf "%s\n" "184. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "186. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -179352,13 +180220,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_184
-#AT_START_185
-at_fn_group_banner 185 'policy.at:286' \
+#AT_STOP_186
+#AT_START_187
+at_fn_group_banner 187 'policy.at:286' \
"policy - priority" " " 7
at_xfail=no
(
- printf "%s\n" "185. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "187. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -180602,13 +181470,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_185
-#AT_START_186
-at_fn_group_banner 186 'policy.at:470' \
+#AT_STOP_187
+#AT_START_188
+at_fn_group_banner 188 'policy.at:470' \
"policy - zones" " " 7
at_xfail=no
(
- printf "%s\n" "186. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "188. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -183452,13 +184320,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_186
-#AT_START_187
-at_fn_group_banner 187 'policy.at:822' \
+#AT_STOP_188
+#AT_START_189
+at_fn_group_banner 189 'policy.at:822' \
"policy - dispatch" " " 7
at_xfail=no
(
- printf "%s\n" "187. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "189. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -190582,13 +191450,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_187
-#AT_START_188
-at_fn_group_banner 188 'policy.at:5352' \
+#AT_STOP_189
+#AT_START_190
+at_fn_group_banner 190 'policy.at:5352' \
"policy - interfaces/sources" " " 7
at_xfail=no
(
- printf "%s\n" "188. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "190. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -191937,13 +192805,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_188
-#AT_START_189
-at_fn_group_banner 189 'policy.at:6073' \
+#AT_STOP_190
+#AT_START_191
+at_fn_group_banner 191 'policy.at:6073' \
"policy - target" " " 7
at_xfail=no
(
- printf "%s\n" "189. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "191. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -192597,13 +193465,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_189
-#AT_START_190
-at_fn_group_banner 190 'policy.at:6122' \
+#AT_STOP_191
+#AT_START_192
+at_fn_group_banner 192 'policy.at:6122' \
"policy - from file" " " 7
at_xfail=no
(
- printf "%s\n" "190. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "192. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -193106,13 +193974,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_190
-#AT_START_191
-at_fn_group_banner 191 'policy.at:6139' \
+#AT_STOP_192
+#AT_START_193
+at_fn_group_banner 193 'policy.at:6139' \
"policy - zone drifting not allowed" " " 7
at_xfail=no
(
- printf "%s\n" "191. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "193. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -193894,13 +194762,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_191
-#AT_START_192
-at_fn_group_banner 192 'policy.at:6301' \
+#AT_STOP_193
+#AT_START_194
+at_fn_group_banner 194 'policy.at:6301' \
"policy - multiple using same zone source" " " 7
at_xfail=no
(
- printf "%s\n" "192. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "194. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -194450,13 +195318,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_192
-#AT_START_193
-at_fn_group_banner 193 'services.at:1' \
+#AT_STOP_194
+#AT_START_195
+at_fn_group_banner 195 'services.at:1' \
"services" " " 7
at_xfail=no
(
- printf "%s\n" "193. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "195. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -195636,13 +196504,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_193
-#AT_START_194
-at_fn_group_banner 194 'ports.at:1' \
+#AT_STOP_195
+#AT_START_196
+at_fn_group_banner 196 'ports.at:1' \
"ports" " " 7
at_xfail=no
(
- printf "%s\n" "194. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "196. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -197157,13 +198025,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_194
-#AT_START_195
-at_fn_group_banner 195 'source_ports.at:1' \
+#AT_STOP_196
+#AT_START_197
+at_fn_group_banner 197 'source_ports.at:1' \
"source ports" " " 7
at_xfail=no
(
- printf "%s\n" "195. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "197. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -198678,13 +199546,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_195
-#AT_START_196
-at_fn_group_banner 196 'forward_ports.at:1' \
+#AT_STOP_197
+#AT_START_198
+at_fn_group_banner 198 'forward_ports.at:1' \
"forward ports" " " 7
at_xfail=no
(
- printf "%s\n" "196. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "198. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -201320,13 +202188,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_196
-#AT_START_197
-at_fn_group_banner 197 'forward_ports.at:207' \
+#AT_STOP_198
+#AT_START_199
+at_fn_group_banner 199 'forward_ports.at:207' \
"forward ports (OUTPUT)" " " 7
at_xfail=no
(
- printf "%s\n" "197. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "199. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -202527,13 +203395,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_197
-#AT_START_198
-at_fn_group_banner 198 'forward_ports.at:287' \
+#AT_STOP_199
+#AT_START_200
+at_fn_group_banner 200 'forward_ports.at:287' \
"forward ports - logging and limiting" " " 7
at_xfail=no
(
- printf "%s\n" "198. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "200. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -203060,13 +203928,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_198
-#AT_START_199
-at_fn_group_banner 199 'masquerade.at:1' \
+#AT_STOP_200
+#AT_START_201
+at_fn_group_banner 201 'masquerade.at:1' \
"masquerade" " " 7
at_xfail=no
(
- printf "%s\n" "199. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "201. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -204839,13 +205707,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_199
-#AT_START_200
-at_fn_group_banner 200 'protocols.at:1' \
+#AT_STOP_201
+#AT_START_202
+at_fn_group_banner 202 'protocols.at:1' \
"protocols" " " 7
at_xfail=no
(
- printf "%s\n" "200. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "202. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -206207,13 +207075,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_200
-#AT_START_201
-at_fn_group_banner 201 'rich_rules.at:1' \
+#AT_STOP_202
+#AT_START_203
+at_fn_group_banner 203 'rich_rules.at:1' \
"rich rules" " " 7
at_xfail=no
(
- printf "%s\n" "201. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "203. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -208498,13 +209366,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_201
-#AT_START_202
-at_fn_group_banner 202 'icmp_blocks.at:1' \
+#AT_STOP_203
+#AT_START_204
+at_fn_group_banner 204 'icmp_blocks.at:1' \
"ICMP blocks" " " 7
at_xfail=no
(
- printf "%s\n" "202. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "204. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -210053,13 +210921,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_202
-#AT_START_203
-at_fn_group_banner 203 'rich_tcp_mss_clamp.at:5' \
+#AT_STOP_204
+#AT_START_205
+at_fn_group_banner 205 'rich_tcp_mss_clamp.at:5' \
"tcp-mss-clamp" " " 7
at_xfail=no
(
- printf "%s\n" "203. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "205. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -210976,13 +211844,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_203
-#AT_START_204
-at_fn_group_banner 204 'rich_destination_ipset.at:1' \
+#AT_STOP_205
+#AT_START_206
+at_fn_group_banner 206 'rich_destination_ipset.at:1' \
"rich destination ipset" " " 7
at_xfail=no
(
- printf "%s\n" "204. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "206. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -211765,13 +212633,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_204
-#AT_START_205
-at_fn_group_banner 205 'zone.at:1' \
+#AT_STOP_206
+#AT_START_207
+at_fn_group_banner 207 'zone.at:1' \
"zone - target" " " 7
at_xfail=no
(
- printf "%s\n" "205. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "207. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -212772,13 +213640,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_205
-#AT_START_206
-at_fn_group_banner 206 'rpfilter.at:1' \
+#AT_STOP_207
+#AT_START_208
+at_fn_group_banner 208 'rpfilter.at:1' \
"rpfilter - strict" " " 7
at_xfail=no
(
- printf "%s\n" "206. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "208. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -213245,13 +214113,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_206
-#AT_START_207
-at_fn_group_banner 207 'rpfilter.at:27' \
+#AT_STOP_208
+#AT_START_209
+at_fn_group_banner 209 'rpfilter.at:27' \
"rpfilter - loose" " " 7
at_xfail=no
(
- printf "%s\n" "207. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "209. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -213718,13 +214586,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_207
-#AT_START_208
-at_fn_group_banner 208 'rpfilter.at:53' \
+#AT_STOP_209
+#AT_START_210
+at_fn_group_banner 210 'rpfilter.at:53' \
"rpfilter - strict-forward" " " 7
at_xfail=no
(
- printf "%s\n" "208. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "210. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -214282,13 +215150,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_208
-#AT_START_209
-at_fn_group_banner 209 'rpfilter.at:89' \
+#AT_STOP_210
+#AT_START_211
+at_fn_group_banner 211 'rpfilter.at:89' \
"rpfilter - loose-forward" " " 7
at_xfail=no
(
- printf "%s\n" "209. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "211. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -214846,13 +215714,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_209
-#AT_START_210
-at_fn_group_banner 210 'rpfilter.at:125' \
+#AT_STOP_211
+#AT_START_212
+at_fn_group_banner 212 'rpfilter.at:125' \
"rpfilter - config values" " " 7
at_xfail=no
(
- printf "%s\n" "210. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "212. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -215265,6 +216133,27 @@ $at_traceon; }
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"IPv6_rpfilter2\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } "
+at_fn_check_prepare_notrace 'a $(...) command substitution' "rpfilter.at:131"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"IPv6_rpfilter2" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; }
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+echo >>"$at_stdout"; printf "%s\n" "variant string \"no\"
+" | \
+ $at_diff - "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
{ set +x
printf "%s\n" "$at_srcdir/rpfilter.at:131: sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=yes/' ./firewalld.conf"
at_fn_check_prepare_trace "rpfilter.at:131"
@@ -215319,6 +216208,27 @@ $at_traceon; }
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"IPv6_rpfilter2\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } "
+at_fn_check_prepare_notrace 'a $(...) command substitution' "rpfilter.at:131"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"IPv6_rpfilter2" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; }
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+echo >>"$at_stdout"; printf "%s\n" "variant string \"yes\"
+" | \
+ $at_diff - "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
{ set +x
printf "%s\n" "$at_srcdir/rpfilter.at:131: sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=false/' ./firewalld.conf"
at_fn_check_prepare_trace "rpfilter.at:131"
@@ -215373,6 +216283,27 @@ $at_traceon; }
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"IPv6_rpfilter2\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } "
+at_fn_check_prepare_notrace 'a $(...) command substitution' "rpfilter.at:131"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"IPv6_rpfilter2" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; }
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+echo >>"$at_stdout"; printf "%s\n" "variant string \"false\"
+" | \
+ $at_diff - "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
{ set +x
printf "%s\n" "$at_srcdir/rpfilter.at:131: sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=true/' ./firewalld.conf"
at_fn_check_prepare_trace "rpfilter.at:131"
@@ -215427,16 +216358,188 @@ $at_traceon; }
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"IPv6_rpfilter2\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } "
+at_fn_check_prepare_notrace 'a $(...) command substitution' "rpfilter.at:131"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"IPv6_rpfilter2" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; }
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+echo >>"$at_stdout"; printf "%s\n" "variant string \"true\"
+" | \
+ $at_diff - "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=strict/' ./firewalld.conf"
+at_fn_check_prepare_trace "rpfilter.at:131"
+( $at_check_trace; sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=strict/' ./firewalld.conf
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:131"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:131"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"IPv6_rpfilter2\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } "
+at_fn_check_prepare_notrace 'a $(...) command substitution' "rpfilter.at:131"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"IPv6_rpfilter2" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; }
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+echo >>"$at_stdout"; printf "%s\n" "variant string \"strict\"
+" | \
+ $at_diff - "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=loose/' ./firewalld.conf"
+at_fn_check_prepare_trace "rpfilter.at:131"
+( $at_check_trace; sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=loose/' ./firewalld.conf
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:131"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:131"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"IPv6_rpfilter2\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } "
+at_fn_check_prepare_notrace 'a $(...) command substitution' "rpfilter.at:131"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"IPv6_rpfilter2" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; }
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+echo >>"$at_stdout"; printf "%s\n" "variant string \"loose\"
+" | \
+ $at_diff - "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
{ set +x
-printf "%s\n" "$at_srcdir/rpfilter.at:136: sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=bogus/' ./firewalld.conf"
-at_fn_check_prepare_trace "rpfilter.at:136"
+printf "%s\n" "$at_srcdir/rpfilter.at:142: sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=bogus/' ./firewalld.conf"
+at_fn_check_prepare_trace "rpfilter.at:142"
( $at_check_trace; sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=bogus/' ./firewalld.conf
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:136"
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:142"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -215445,15 +216548,15 @@ $at_traceon; }
{ set +x
-printf "%s\n" "$at_srcdir/rpfilter.at:137: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload "
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:137"
+printf "%s\n" "$at_srcdir/rpfilter.at:143: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:143"
( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:137"
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:143"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -215464,15 +216567,15 @@ $at_traceon; }
{ set +x
-printf "%s\n" "$at_srcdir/rpfilter.at:137: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state "
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:137"
+printf "%s\n" "$at_srcdir/rpfilter.at:143: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:143"
( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:137"
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:143"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -215484,9 +216587,9 @@ $at_traceon; }
if test x"-e "/^WARNING: IPv6_rpfilter 'bogus' is not valid/d"" != x"ignore"; then
- printf "%s\n" "rpfilter.at:139" >"$at_check_line_file"
+ printf "%s\n" "rpfilter.at:145" >"$at_check_line_file"
(cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e "/^WARNING: IPv6_rpfilter 'bogus' is not valid/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \
- && at_fn_check_skip 99 "$at_srcdir/rpfilter.at:139"
+ && at_fn_check_skip 99 "$at_srcdir/rpfilter.at:145"
fi
@@ -215495,13 +216598,599 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_210
-#AT_START_211
-at_fn_group_banner 211 'zone_combine.at:1' \
+#AT_STOP_212
+#AT_START_213
+at_fn_group_banner 213 'rpfilter.at:147' \
+ "rpfilter - config values, -forward" " " 7
+at_xfail=no
+(
+ printf "%s\n" "213. $at_setup_line: testing $at_desc ..."
+ $at_traceon
+
+
+
+
+
+
+
+
+
+ test -z "$PYTHON" && export PYTHON="python3"
+ test -z "$EBTABLES" && export EBTABLES="ebtables"
+ test -z "$IPTABLES" && export IPTABLES="iptables"
+ test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore"
+ test -z "$IP6TABLES" && export IP6TABLES="ip6tables"
+ test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore"
+ test -z "$IPSET" && export IPSET="ipset"
+ test -z "$PODMAN" && export PODMAN="podman"
+
+ if locale -a |grep "^C.utf8" >/dev/null; then
+ LC_ALL="C.UTF-8"
+ export LC_ALL
+ fi
+
+ ULIMIT_VAL=""
+ if test -z "$ULIMIT_VAL" ; then
+ ULIMIT_VAL=102400
+ fi
+ if test "$ULIMIT_VAL" -ne 0 ; then
+ ulimit -d "$ULIMIT_VAL"
+ fi
+
+ if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:147: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi"
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:147"
+( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:147"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+ else
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:147: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi"
+at_fn_check_prepare_trace "rpfilter.at:147"
+( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:147"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+ fi
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:147: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf"
+at_fn_check_prepare_trace "rpfilter.at:147"
+( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:147"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+ KERNEL_MAJOR=`uname -r | cut -d. -f1`
+ KERNEL_MINOR=`uname -r | cut -d. -f2`
+ if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then
+ :
+
+ else
+ :
+
+ sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf
+
+ fi
+
+
+
+ kill_firewalld() {
+
+ pid=$(cat firewalld.pid)
+ kill $pid
+ for I in 1 2 3 4 5 6 7 8 9 0; do
+ ps --pid $pid >/dev/null || { pid=0; break; }
+ sleep 1
+ done
+ test $pid -eq 0 || { kill -9 $pid; sleep 3; }
+
+ }
+ kill_networkmanager() {
+ if test -f networkmanager.pid; then
+
+ pid=$(cat networkmanager.pid)
+ kill $pid
+ for I in 1 2 3 4 5 6 7 8 9 0; do
+ ps --pid $pid >/dev/null || { pid=0; break; }
+ sleep 1
+ done
+ test $pid -eq 0 || { kill -9 $pid; sleep 3; }
+
+ fi
+ }
+
+ echo "" > cleanup
+ echo "" > cleanup_late
+ trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT
+
+
+
+
+
+ echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:147: ip netns add fwd-test-\${at_group_normalized}"
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:147"
+( $at_check_trace; ip netns add fwd-test-${at_group_normalized}
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:147"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+ cat >./dbus.conf <<'_ATEOF'
+
+ <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+ <busconfig>
+ <fork />
+ <auth>EXTERNAL</auth>
+ <listen>unix:path=/tmp/dummy</listen>
+ <policy context="default">
+ <allow user="*"/>
+ <allow send_type="signal"/>
+ <allow send_requested_reply="true" send_type="method_return"/>
+ <allow send_requested_reply="true" send_type="error"/>
+ <allow receive_type="method_call"/>
+ <allow receive_type="method_return"/>
+ <allow receive_type="error"/>
+ <allow receive_type="signal"/>
+ <allow send_destination="org.freedesktop.DBus"/>
+ </policy>
+ <!-- from .../config/FirewallD.conf -->
+ <policy user="root">
+ <allow own="org.fedoraproject.FirewallD1"/>
+ <allow own="org.fedoraproject.FirewallD1.config"/>
+ <allow send_destination="org.fedoraproject.FirewallD1"/>
+ <allow send_destination="org.fedoraproject.FirewallD1.config"/>
+ </policy>
+ <policy context="default">
+ <allow send_destination="org.fedoraproject.FirewallD1"/>
+ <allow send_destination="org.fedoraproject.FirewallD1"
+ send_interface="org.freedesktop.DBus.Introspectable"/>
+ <allow send_destination="org.fedoraproject.FirewallD1"
+ send_interface="org.freedesktop.DBus.Properties"/>
+ <allow send_destination="org.fedoraproject.FirewallD1.config"/>
+ </policy>
+
+ <!-- from org.freedesktop.NetworkManager.conf -->
+ <policy user="root">
+ <allow own="org.freedesktop.NetworkManager"/>
+ <allow send_destination="org.freedesktop.NetworkManager"/>
+
+ <allow send_destination="org.freedesktop.NetworkManager"
+ send_interface="org.freedesktop.NetworkManager.PPP"/>
+
+ <allow send_interface="org.freedesktop.NetworkManager.SecretAgent"/>
+ <!-- These are there because some broken policies do
+ <deny send_interface="..." /> (see dbus-daemon(8) for details).
+ This seems to override that for the known VPN plugins.
+ -->
+ <allow send_destination="org.freedesktop.NetworkManager.openconnect"/>
+ <allow send_destination="org.freedesktop.NetworkManager.openswan"/>
+ <allow send_destination="org.freedesktop.NetworkManager.openvpn"/>
+ <allow send_destination="org.freedesktop.NetworkManager.pptp"/>
+ <allow send_destination="org.freedesktop.NetworkManager.vpnc"/>
+ <allow send_destination="org.freedesktop.NetworkManager.ssh"/>
+ <allow send_destination="org.freedesktop.NetworkManager.iodine"/>
+ <allow send_destination="org.freedesktop.NetworkManager.l2tp"/>
+ <allow send_destination="org.freedesktop.NetworkManager.libreswan"/>
+ <allow send_destination="org.freedesktop.NetworkManager.fortisslvpn"/>
+ <allow send_destination="org.freedesktop.NetworkManager.strongswan"/>
+ <allow send_interface="org.freedesktop.NetworkManager.VPN.Plugin"/>
+
+ <allow send_destination="org.fedoraproject.FirewallD1"/>
+
+ <!-- Allow the custom name for the dnsmasq instance spawned by NM
+ from the dns dnsmasq plugin to own it's dbus name, and for
+ messages to be sent to it.
+ -->
+ <allow own="org.freedesktop.NetworkManager.dnsmasq"/>
+ <allow send_destination="org.freedesktop.NetworkManager.dnsmasq"/>
+ </policy>
+ </busconfig>
+_ATEOF
+
+
+ DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" `
+ if test $? -ne 0; then
+ printf "%s\n" "rpfilter.at:147" >"$at_check_line_file"
+at_fn_check_skip 99 "$at_srcdir/rpfilter.at:147"
+ fi
+ echo "kill $DBUS_PID" >> ./cleanup_late
+
+
+
+
+ cat >./nft_rule_index.nft <<'_ATEOF'
+
+ add table inet firewalld_check_rule_index
+ add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; }
+ add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept
+ add rule inet firewalld_check_rule_index foobar accept
+ insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept
+_ATEOF
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:147: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:147"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:147"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+ if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then
+ :
+
+ else
+ :
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:147: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf"
+at_fn_check_prepare_trace "rpfilter.at:147"
+( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:147"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+ fi
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:147: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:147"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:147"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:147: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:147"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:147"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+ FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --log-target file --system-config ./"
+ ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}"
+ if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then
+ FIREWALLD_ARGS="${FIREWALLD_ARGS} --default-config ${FIREWALLD_DEFAULT_CONFIG}"
+ fi
+
+ env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS &
+ if test $? -ne 0; then
+ printf "%s\n" "rpfilter.at:147" >"$at_check_line_file"
+at_fn_check_skip 99 "$at_srcdir/rpfilter.at:147"
+ fi
+ echo "$!" > firewalld.pid
+
+ WANTED_CODE=""
+ up=0
+ for I in $(seq 60); do
+ env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state
+ RC=$?
+ echo "exit code = ${RC}"
+ if test ${RC} -eq ${WANTED_CODE:-0}; then
+ up=1
+ break
+ fi
+ sleep 1
+ done
+ printf "%s\n" "rpfilter.at:147" >"$at_check_line_file"
+(test $up -ne 1) \
+ && at_fn_check_skip 99 "$at_srcdir/rpfilter.at:147"
+
+
+
+
+
+
+
+ KERNEL_MAJOR=`uname -r | cut -d. -f1`
+ KERNEL_MINOR=`uname -r | cut -d. -f2`
+ if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then
+ :
+
+ else
+ :
+ printf "%s\n" "rpfilter.at:149" >"$at_check_line_file"
+at_fn_check_skip 77 "$at_srcdir/rpfilter.at:149"
+ fi
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:150: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft add table inet firewalld_check "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:150"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add table inet firewalld_check
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:150"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:150: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft add chain inet firewalld_check foobar { type filter hook forward priority 0 \\; } "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:150"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add chain inet firewalld_check foobar { type filter hook forward priority 0 \; }
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:150"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+ printf "%s\n" "rpfilter.at:150" >"$at_check_line_file"
+(! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add rule inet firewalld_check foobar meta nfproto ipv6 fib saddr . mark . iif oif missing drop >/dev/null 2>&1 ) \
+ && at_fn_check_skip 77 "$at_srcdir/rpfilter.at:150"
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:150: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:150"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:150"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:154: sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=strict-forward/' ./firewalld.conf"
+at_fn_check_prepare_trace "rpfilter.at:154"
+( $at_check_trace; sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=strict-forward/' ./firewalld.conf
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:154"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:154: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:154"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:154"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:154: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:154"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:154"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:154: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"IPv6_rpfilter2\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } "
+at_fn_check_prepare_notrace 'a $(...) command substitution' "rpfilter.at:154"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"IPv6_rpfilter2" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; }
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+echo >>"$at_stdout"; printf "%s\n" "variant string \"strict-forward\"
+" | \
+ $at_diff - "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:154"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:154: sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=loose-forward/' ./firewalld.conf"
+at_fn_check_prepare_trace "rpfilter.at:154"
+( $at_check_trace; sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=loose-forward/' ./firewalld.conf
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:154"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:154: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:154"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:154"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:154: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:154"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:154"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:154: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"IPv6_rpfilter2\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } "
+at_fn_check_prepare_notrace 'a $(...) command substitution' "rpfilter.at:154"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"IPv6_rpfilter2" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; }
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+echo >>"$at_stdout"; printf "%s\n" "variant string \"loose-forward\"
+" | \
+ $at_diff - "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:154"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+
+
+ if test x"-e "/^ERROR: INVALID_VALUE:.*is incompatible with FirewallBackend=iptables."" != x"ignore"; then
+ printf "%s\n" "rpfilter.at:168" >"$at_check_line_file"
+(cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e "/^ERROR: INVALID_VALUE:.*is incompatible with FirewallBackend=iptables." | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \
+ && at_fn_check_skip 99 "$at_srcdir/rpfilter.at:168"
+ fi
+
+
+
+ set +x
+ $at_times_p && times >"$at_times_file"
+) 5>&1 2>&1 7>&- | eval $at_tee_pipe
+read at_status <"$at_status_file"
+#AT_STOP_213
+#AT_START_214
+at_fn_group_banner 214 'zone_combine.at:1' \
"zone - combine" " " 7
at_xfail=no
(
- printf "%s\n" "211. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "214. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -216305,13 +217994,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_211
-#AT_START_212
-at_fn_group_banner 212 'startup_failsafe.at:1' \
+#AT_STOP_214
+#AT_START_215
+at_fn_group_banner 215 'startup_failsafe.at:1' \
"startup failsafe - invalid xml" " " 7
at_xfail=no
(
- printf "%s\n" "212. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "215. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -216940,13 +218629,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_212
-#AT_START_213
-at_fn_group_banner 213 'startup_failsafe.at:1' \
+#AT_STOP_215
+#AT_START_216
+at_fn_group_banner 216 'startup_failsafe.at:1' \
"startup failsafe - bad zone" " " 7
at_xfail=no
(
- printf "%s\n" "213. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "216. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -217381,13 +219070,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_213
-#AT_START_214
-at_fn_group_banner 214 'startup_failsafe.at:1' \
+#AT_STOP_216
+#AT_START_217
+at_fn_group_banner 217 'startup_failsafe.at:1' \
"startup failsafe - bad policy" " " 7
at_xfail=no
(
- printf "%s\n" "214. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "217. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -217822,13 +219511,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_214
-#AT_START_215
-at_fn_group_banner 215 'startup_failsafe.at:1' \
+#AT_STOP_217
+#AT_START_218
+at_fn_group_banner 218 'startup_failsafe.at:1' \
"startup failsafe - non-existent service" " " 7
at_xfail=no
(
- printf "%s\n" "215. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "218. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -218263,13 +219952,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_215
-#AT_START_216
-at_fn_group_banner 216 'startup_failsafe.at:1' \
+#AT_STOP_218
+#AT_START_219
+at_fn_group_banner 219 'startup_failsafe.at:1' \
"startup failsafe - non-existent icmptype" " " 7
at_xfail=no
(
- printf "%s\n" "216. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "219. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -218704,13 +220393,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_216
-#AT_START_217
-at_fn_group_banner 217 'startup_failsafe.at:1' \
+#AT_STOP_219
+#AT_START_220
+at_fn_group_banner 220 'startup_failsafe.at:1' \
"startup failsafe - bad direct" " " 7
at_xfail=no
(
- printf "%s\n" "217. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "220. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -219139,13 +220828,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_217
-#AT_START_218
-at_fn_group_banner 218 'startup_failsafe.at:1' \
+#AT_STOP_220
+#AT_START_221
+at_fn_group_banner 221 'startup_failsafe.at:1' \
"startup failsafe - broken stock config" " " 7
at_xfail=no
(
- printf "%s\n" "218. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "221. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -219578,13 +221267,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_218
-#AT_START_219
-at_fn_group_banner 219 'ipset_defer_native_ipset_creation.at:1' \
+#AT_STOP_221
+#AT_START_222
+at_fn_group_banner 222 'ipset_defer_native_ipset_creation.at:1' \
"ipset defer native creation" " " 7
at_xfail=no
(
- printf "%s\n" "219. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "222. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -221613,13 +223302,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_219
-#AT_START_220
-at_fn_group_banner 220 'reset_defaults.at:1' \
+#AT_STOP_222
+#AT_START_223
+at_fn_group_banner 223 'reset_defaults.at:1' \
"reset defaults" " " 7
at_xfail=no
(
- printf "%s\n" "220. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "223. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -222622,13 +224311,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_220
-#AT_START_221
-at_fn_group_banner 221 'iptables_no_flush_on_shutdown.at:1' \
+#AT_STOP_223
+#AT_START_224
+at_fn_group_banner 224 'iptables_no_flush_on_shutdown.at:1' \
"avoid iptables flush if using nftables" " " 7
at_xfail=no
(
- printf "%s\n" "221. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "224. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -224822,13 +226511,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_221
-#AT_START_222
-at_fn_group_banner 222 'zone_priority.at:1' \
+#AT_STOP_224
+#AT_START_225
+at_fn_group_banner 225 'zone_priority.at:1' \
"zone - priority" " " 7
at_xfail=no
(
- printf "%s\n" "222. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "225. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -227099,13 +228788,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_222
-#AT_START_223
-at_fn_group_banner 223 'nftables_flowtable.at:1' \
+#AT_STOP_225
+#AT_START_226
+at_fn_group_banner 226 'nftables_flowtable.at:1' \
"nftables flowtable" " " 7
at_xfail=no
(
- printf "%s\n" "223. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "226. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -228567,13 +230256,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_223
-#AT_START_224
-at_fn_group_banner 224 'nftables_counters.at:1' \
+#AT_STOP_226
+#AT_START_227
+at_fn_group_banner 227 'nftables_counters.at:1' \
"nftables counters" " " 7
at_xfail=no
(
- printf "%s\n" "224. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "227. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -229243,13 +230932,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_224
-#AT_START_225
-at_fn_group_banner 225 'reloadpolicy.at:1' \
+#AT_STOP_227
+#AT_START_228
+at_fn_group_banner 228 'reloadpolicy.at:1' \
"check ReloadPolicy" " " 7
at_xfail=no
(
- printf "%s\n" "225. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "228. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -229753,13 +231442,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_225
-#AT_START_226
-at_fn_group_banner 226 'nftables_table_owner.at:1' \
+#AT_STOP_228
+#AT_START_229
+at_fn_group_banner 229 'nftables_table_owner.at:1' \
"nftables table owner" " " 7
at_xfail=no
(
- printf "%s\n" "226. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "229. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -230161,24 +231850,20 @@ printf "%s\n" "nftables_table_owner.at:1" >"$at_check_line_file"
{ set +x
-printf "%s\n" "$at_srcdir/nftables_table_owner.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft list table inet firewalld | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | head -n 2 "
+printf "%s\n" "$at_srcdir/nftables_table_owner.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft list table inet firewalld | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep \"flags owner,persist\" "
at_fn_check_prepare_notrace 'a $(...) command substitution' "nftables_table_owner.at:1"
-( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list table inet firewalld | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | head -n 2
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list table inet firewalld | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep "flags owner,persist"
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo >>"$at_stdout"; printf "%s\n" "table inet firewalld { # progname firewalld
-flags owner,persist
-" | \
- $at_diff - "$at_stdout" || at_failed=:
+echo stdout:; cat "$at_stdout"
at_fn_check_status 0 $at_status "$at_srcdir/nftables_table_owner.at:1"
$at_failed && at_fn_log_failure
$at_traceon; }
-
{ set +x
printf "%s\n" "$at_srcdir/nftables_table_owner.at:1: sed -i 's/^NftablesTableOwner=.*/NftablesTableOwner=no/' ./firewalld.conf"
at_fn_check_prepare_trace "nftables_table_owner.at:1"
@@ -230233,26 +231918,21 @@ $at_traceon; }
-
{ set +x
-printf "%s\n" "$at_srcdir/nftables_table_owner.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft list table inet firewalld | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | head -n 2 "
+printf "%s\n" "$at_srcdir/nftables_table_owner.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft list table inet firewalld | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep \"flags owner,persist\" "
at_fn_check_prepare_notrace 'a $(...) command substitution' "nftables_table_owner.at:1"
-( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list table inet firewalld | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | head -n 2
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list table inet firewalld | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep "flags owner,persist"
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo >>"$at_stdout"; printf "%s\n" "table inet firewalld {
-chain mangle_PREROUTING {
-" | \
- $at_diff - "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/nftables_table_owner.at:1"
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 1 $at_status "$at_srcdir/nftables_table_owner.at:1"
$at_failed && at_fn_log_failure
$at_traceon; }
-
{ set +x
printf "%s\n" "$at_srcdir/nftables_table_owner.at:1: sed -i 's/^NftablesTableOwner=.*/NftablesTableOwner=yes/' ./firewalld.conf"
at_fn_check_prepare_trace "nftables_table_owner.at:1"
@@ -230307,19 +231987,15 @@ $at_traceon; }
-
{ set +x
-printf "%s\n" "$at_srcdir/nftables_table_owner.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft list table inet firewalld | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | head -n 2 "
+printf "%s\n" "$at_srcdir/nftables_table_owner.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft list table inet firewalld | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep \"flags owner,persist\" "
at_fn_check_prepare_notrace 'a $(...) command substitution' "nftables_table_owner.at:1"
-( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list table inet firewalld | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | head -n 2
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list table inet firewalld | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep "flags owner,persist"
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo >>"$at_stdout"; printf "%s\n" "table inet firewalld { # progname firewalld
-flags owner,persist
-" | \
- $at_diff - "$at_stdout" || at_failed=:
+echo stdout:; cat "$at_stdout"
at_fn_check_status 0 $at_status "$at_srcdir/nftables_table_owner.at:1"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -230340,13 +232016,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_226
-#AT_START_227
-at_fn_group_banner 227 'strict_forward_ports.at:1' \
+#AT_STOP_229
+#AT_START_230
+at_fn_group_banner 230 'strict_forward_ports.at:1' \
"strict forward ports" " " 7
at_xfail=no
(
- printf "%s\n" "227. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "230. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -231449,13 +233125,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_227
-#AT_START_228
-at_fn_group_banner 228 'firewall-cmd.at:5' \
+#AT_STOP_230
+#AT_START_231
+at_fn_group_banner 231 'firewall-cmd.at:5' \
"basic options" " " 8
at_xfail=no
(
- printf "%s\n" "228. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "231. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -231967,13 +233643,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_228
-#AT_START_229
-at_fn_group_banner 229 'firewall-cmd.at:34' \
+#AT_STOP_231
+#AT_START_232
+at_fn_group_banner 232 'firewall-cmd.at:34' \
"get/list options" " " 8
at_xfail=no
(
- printf "%s\n" "229. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "232. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -232436,13 +234112,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_229
-#AT_START_230
-at_fn_group_banner 230 'firewall-cmd.at:50' \
+#AT_STOP_232
+#AT_START_233
+at_fn_group_banner 233 'firewall-cmd.at:50' \
"default zone" " " 8
at_xfail=no
(
- printf "%s\n" "230. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "233. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -232813,13 +234489,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_230
-#AT_START_231
-at_fn_group_banner 231 'firewall-cmd.at:62' \
+#AT_STOP_233
+#AT_START_234
+at_fn_group_banner 234 'firewall-cmd.at:62' \
"user zone" " " 8
at_xfail=no
(
- printf "%s\n" "231. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "234. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -233319,13 +234995,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_231
-#AT_START_232
-at_fn_group_banner 232 'firewall-cmd.at:82' \
+#AT_STOP_234
+#AT_START_235
+at_fn_group_banner 235 'firewall-cmd.at:82' \
"zone interfaces" " " 8
at_xfail=no
(
- printf "%s\n" "232. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "235. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -234599,13 +236275,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_232
-#AT_START_233
-at_fn_group_banner 233 'firewall-cmd.at:170' \
+#AT_STOP_235
+#AT_START_236
+at_fn_group_banner 236 'firewall-cmd.at:170' \
"zone sources" " " 8
at_xfail=no
(
- printf "%s\n" "233. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "236. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -237102,13 +238778,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_233
-#AT_START_234
-at_fn_group_banner 234 'firewall-cmd.at:223' \
+#AT_STOP_236
+#AT_START_237
+at_fn_group_banner 237 'firewall-cmd.at:223' \
"services" " " 8
at_xfail=no
(
- printf "%s\n" "234. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "237. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -237898,13 +239574,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_234
-#AT_START_235
-at_fn_group_banner 235 'firewall-cmd.at:267' \
+#AT_STOP_237
+#AT_START_238
+at_fn_group_banner 238 'firewall-cmd.at:267' \
"user services" " " 8
at_xfail=no
(
- printf "%s\n" "235. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "238. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -239251,13 +240927,13 @@ _ATEOF
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_235
-#AT_START_236
-at_fn_group_banner 236 'firewall-cmd.at:349' \
+#AT_STOP_238
+#AT_START_239
+at_fn_group_banner 239 'firewall-cmd.at:349' \
"ports" " " 8
at_xfail=no
(
- printf "%s\n" "236. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "239. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -240423,13 +242099,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_236
-#AT_START_237
-at_fn_group_banner 237 'firewall-cmd.at:406' \
+#AT_STOP_239
+#AT_START_240
+at_fn_group_banner 240 'firewall-cmd.at:406' \
"source ports" " " 8
at_xfail=no
(
- printf "%s\n" "237. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "240. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -241251,13 +242927,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_237
-#AT_START_238
-at_fn_group_banner 238 'firewall-cmd.at:443' \
+#AT_STOP_240
+#AT_START_241
+at_fn_group_banner 241 'firewall-cmd.at:443' \
"protocols" " " 8
at_xfail=no
(
- printf "%s\n" "238. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "241. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -241948,13 +243624,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_238
-#AT_START_239
-at_fn_group_banner 239 'firewall-cmd.at:471' \
+#AT_STOP_241
+#AT_START_242
+at_fn_group_banner 242 'firewall-cmd.at:471' \
"masquerade" " " 8
at_xfail=no
(
- printf "%s\n" "239. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "242. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -242452,13 +244128,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_239
-#AT_START_240
-at_fn_group_banner 240 'firewall-cmd.at:498' \
+#AT_STOP_242
+#AT_START_243
+at_fn_group_banner 243 'firewall-cmd.at:498' \
"forward" " " 8
at_xfail=no
(
- printf "%s\n" "240. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "243. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -244100,13 +245776,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_240
-#AT_START_241
-at_fn_group_banner 241 'firewall-cmd.at:686' \
+#AT_STOP_243
+#AT_START_244
+at_fn_group_banner 244 'firewall-cmd.at:686' \
"forward ports" " " 8
at_xfail=no
(
- printf "%s\n" "241. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "244. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -245576,13 +247252,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_241
-#AT_START_242
-at_fn_group_banner 242 'firewall-cmd.at:785' \
+#AT_STOP_244
+#AT_START_245
+at_fn_group_banner 245 'firewall-cmd.at:785' \
"ICMP block" " " 8
at_xfail=no
(
- printf "%s\n" "242. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "245. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -246561,13 +248237,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_242
-#AT_START_243
-at_fn_group_banner 243 'firewall-cmd.at:831' \
+#AT_STOP_245
+#AT_START_246
+at_fn_group_banner 246 'firewall-cmd.at:831' \
"user ICMP types" " " 8
at_xfail=no
(
- printf "%s\n" "243. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "246. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -247108,13 +248784,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_243
-#AT_START_244
-at_fn_group_banner 244 'firewall-cmd.at:854' \
+#AT_STOP_246
+#AT_START_247
+at_fn_group_banner 247 'firewall-cmd.at:854' \
"ipset" " " 8
at_xfail=no
(
- printf "%s\n" "244. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "247. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -249137,13 +250813,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_244
-#AT_START_245
-at_fn_group_banner 245 'firewall-cmd.at:1063' \
+#AT_STOP_247
+#AT_START_248
+at_fn_group_banner 248 'firewall-cmd.at:1063' \
"user helpers" " " 8
at_xfail=no
(
- printf "%s\n" "245. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "248. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -249765,13 +251441,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_245
-#AT_START_246
-at_fn_group_banner 246 'firewall-cmd.at:1091' \
+#AT_STOP_248
+#AT_START_249
+at_fn_group_banner 249 'firewall-cmd.at:1091' \
"direct" " " 8
at_xfail=no
(
- printf "%s\n" "246. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "249. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -251179,13 +252855,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_246
-#AT_START_247
-at_fn_group_banner 247 'firewall-cmd.at:1165' \
+#AT_STOP_249
+#AT_START_250
+at_fn_group_banner 250 'firewall-cmd.at:1165' \
"direct nat" " " 8
at_xfail=no
(
- printf "%s\n" "247. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "250. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -251719,13 +253395,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_247
-#AT_START_248
-at_fn_group_banner 248 'firewall-cmd.at:1190' \
+#AT_STOP_250
+#AT_START_251
+at_fn_group_banner 251 'firewall-cmd.at:1190' \
"direct passthrough" " " 8
at_xfail=no
(
- printf "%s\n" "248. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "251. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -252494,13 +254170,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_248
-#AT_START_249
-at_fn_group_banner 249 'firewall-cmd.at:1228' \
+#AT_STOP_251
+#AT_START_252
+at_fn_group_banner 252 'firewall-cmd.at:1228' \
"direct ebtables" " " 8
at_xfail=no
(
- printf "%s\n" "249. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "252. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -253165,13 +254841,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_249
-#AT_START_250
-at_fn_group_banner 250 'firewall-cmd.at:1274' \
+#AT_STOP_252
+#AT_START_253
+at_fn_group_banner 253 'firewall-cmd.at:1274' \
"lockdown" " " 8
at_xfail=no
(
- printf "%s\n" "250. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "253. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -254264,13 +255940,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_250
-#AT_START_251
-at_fn_group_banner 251 'firewall-cmd.at:1369' \
+#AT_STOP_253
+#AT_START_254
+at_fn_group_banner 254 'firewall-cmd.at:1369' \
"rich rules good" " " 8
at_xfail=no
(
- printf "%s\n" "251. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "254. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -258576,13 +260252,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_251
-#AT_START_252
-at_fn_group_banner 252 'firewall-cmd.at:1403' \
+#AT_STOP_254
+#AT_START_255
+at_fn_group_banner 255 'firewall-cmd.at:1403' \
"rich rules audit" " " 8
at_xfail=no
(
- printf "%s\n" "252. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "255. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -259011,13 +260687,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_252
-#AT_START_253
-at_fn_group_banner 253 'firewall-cmd.at:1411' \
+#AT_STOP_255
+#AT_START_256
+at_fn_group_banner 256 'firewall-cmd.at:1411' \
"rich rules priority" " " 8
at_xfail=no
(
- printf "%s\n" "253. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "256. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -262708,13 +264384,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_253
-#AT_START_254
-at_fn_group_banner 254 'firewall-cmd.at:1966' \
+#AT_STOP_256
+#AT_START_257
+at_fn_group_banner 257 'firewall-cmd.at:1966' \
"rich rules bad" " " 8
at_xfail=no
(
- printf "%s\n" "254. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "257. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -263978,13 +265654,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_254
-#AT_START_255
-at_fn_group_banner 255 'firewall-cmd.at:2009' \
+#AT_STOP_257
+#AT_START_258
+at_fn_group_banner 258 'firewall-cmd.at:2009' \
"config validation" " " 8
at_xfail=no
(
- printf "%s\n" "255. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "258. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -265770,13 +267446,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_255
-#AT_START_256
-at_fn_group_banner 256 'rhbz1514043.at:1' \
+#AT_STOP_258
+#AT_START_259
+at_fn_group_banner 259 'rhbz1514043.at:1' \
"--set-log-denied does not zero config" " " 9
at_xfail=no
(
- printf "%s\n" "256. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "259. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -266329,13 +268005,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_256
-#AT_START_257
-at_fn_group_banner 257 'rhbz1498923.at:1' \
+#AT_STOP_259
+#AT_START_260
+at_fn_group_banner 260 'rhbz1498923.at:1' \
"invalid direct rule causes reload error" " " 9
at_xfail=no
(
- printf "%s\n" "257. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "260. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -267105,13 +268781,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_257
-#AT_START_258
-at_fn_group_banner 258 'pr181.at:1' \
+#AT_STOP_260
+#AT_START_261
+at_fn_group_banner 261 'pr181.at:1' \
"combined zones name length check" " " 9
at_xfail=no
(
- printf "%s\n" "258. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "261. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -267616,13 +269292,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_258
-#AT_START_259
-at_fn_group_banner 259 'gh287.at:1' \
+#AT_STOP_261
+#AT_START_262
+at_fn_group_banner 262 'gh287.at:1' \
"ICMP block inversion" " " 9
at_xfail=no
(
- printf "%s\n" "259. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "262. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -268052,13 +269728,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_259
-#AT_START_260
-at_fn_group_banner 260 'individual_calls.at:1' \
+#AT_STOP_262
+#AT_START_263
+at_fn_group_banner 263 'individual_calls.at:1' \
"individual calls" " " 9
at_xfail=no
(
- printf "%s\n" "260. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "263. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -268384,13 +270060,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_260
-#AT_START_261
-at_fn_group_banner 261 'rhbz1534571.at:3' \
+#AT_STOP_263
+#AT_START_264
+at_fn_group_banner 264 'rhbz1534571.at:3' \
"rule deduplication" " " 9
at_xfail=no
(
- printf "%s\n" "261. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "264. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -268818,13 +270494,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_261
-#AT_START_262
-at_fn_group_banner 262 'gh290.at:1' \
+#AT_STOP_264
+#AT_START_265
+at_fn_group_banner 265 'gh290.at:1' \
"invalid syntax in xml files" " " 9
at_xfail=no
(
- printf "%s\n" "262. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "265. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -269238,13 +270914,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_262
-#AT_START_263
-at_fn_group_banner 263 'gh290.at:19' \
+#AT_STOP_265
+#AT_START_266
+at_fn_group_banner 266 'gh290.at:19' \
"invalid syntax in xml files" " " 9
at_xfail=no
(
- printf "%s\n" "263. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "266. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -269664,13 +271340,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_263
-#AT_START_264
-at_fn_group_banner 264 'icmp_block_in_forward_chain.at:1' \
+#AT_STOP_266
+#AT_START_267
+at_fn_group_banner 267 'icmp_block_in_forward_chain.at:1' \
"ICMP block not present FORWARD chain" " " 9
at_xfail=no
(
- printf "%s\n" "264. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "267. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -270030,13 +271706,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_264
-#AT_START_265
-at_fn_group_banner 265 'pr323.at:1' \
+#AT_STOP_267
+#AT_START_268
+at_fn_group_banner 268 'pr323.at:1' \
"GRE proto helper" " " 9
at_xfail=no
(
- printf "%s\n" "265. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "268. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -270386,13 +272062,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_265
-#AT_START_266
-at_fn_group_banner 266 'rhbz1506742.at:1' \
+#AT_STOP_268
+#AT_START_269
+at_fn_group_banner 269 'rhbz1506742.at:1' \
"ipset with timeout" " " 9
at_xfail=no
(
- printf "%s\n" "266. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "269. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -270896,13 +272572,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_266
-#AT_START_267
-at_fn_group_banner 267 'rhbz1594657.at:1' \
+#AT_STOP_269
+#AT_START_270
+at_fn_group_banner 270 'rhbz1594657.at:1' \
"no log untracked passthrough queries" " " 9
at_xfail=no
(
- printf "%s\n" "267. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "270. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -271345,13 +273021,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_267
-#AT_START_268
-at_fn_group_banner 268 'rhbz1571957.at:1' \
+#AT_STOP_270
+#AT_START_271
+at_fn_group_banner 271 'rhbz1571957.at:1' \
"set-log-denied w/ ICMP block inversion" " " 9
at_xfail=no
(
- printf "%s\n" "268. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "271. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -271814,13 +273490,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_268
-#AT_START_269
-at_fn_group_banner 269 'rhbz1404076.at:1' \
+#AT_STOP_271
+#AT_START_272
+at_fn_group_banner 272 'rhbz1404076.at:1' \
"query single port added with range" " " 9
at_xfail=no
(
- printf "%s\n" "269. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "272. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -275719,13 +277395,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_269
-#AT_START_270
-at_fn_group_banner 270 'gh366.at:1' \
+#AT_STOP_272
+#AT_START_273
+at_fn_group_banner 273 'gh366.at:1' \
"service destination multiple IP versions" " " 9
at_xfail=no
(
- printf "%s\n" "270. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "273. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -276237,13 +277913,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_270
-#AT_START_271
-at_fn_group_banner 271 'rhbz1601610.at:1' \
+#AT_STOP_273
+#AT_START_274
+at_fn_group_banner 274 'rhbz1601610.at:1' \
"ipset duplicate entries" " " 9
at_xfail=no
(
- printf "%s\n" "271. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "274. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -277158,13 +278834,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_271
-#AT_START_272
-at_fn_group_banner 272 'gh303.at:1' \
+#AT_STOP_274
+#AT_START_275
+at_fn_group_banner 275 'gh303.at:1' \
"unicode in XML" " " 9
at_xfail=no
(
- printf "%s\n" "272. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "275. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -277583,13 +279259,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_272
-#AT_START_273
-at_fn_group_banner 273 'gh335.at:1' \
+#AT_STOP_275
+#AT_START_276
+at_fn_group_banner 276 'gh335.at:1' \
"forward-port toaddr enables IP forwarding" " " 9
at_xfail=no
(
- printf "%s\n" "273. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "276. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -278637,13 +280313,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_273
-#AT_START_274
-at_fn_group_banner 274 'gh482.at:1' \
+#AT_STOP_276
+#AT_START_277
+at_fn_group_banner 277 'gh482.at:1' \
"remove forward-port after reload" " " 9
at_xfail=no
(
- printf "%s\n" "274. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "277. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -279150,13 +280826,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_274
-#AT_START_275
-at_fn_group_banner 275 'gh478.at:1' \
+#AT_STOP_277
+#AT_START_278
+at_fn_group_banner 278 'gh478.at:1' \
"rich rule marks every packet" " " 9
at_xfail=no
(
- printf "%s\n" "275. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "278. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -279566,13 +281242,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_275
-#AT_START_276
-at_fn_group_banner 276 'gh258.at:1' \
+#AT_STOP_278
+#AT_START_279
+at_fn_group_banner 279 'gh258.at:1' \
"zone dispatch layout" " " 9
at_xfail=no
(
- printf "%s\n" "276. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "279. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -281137,13 +282813,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_276
-#AT_START_277
-at_fn_group_banner 277 'rhbz1715977.at:1' \
+#AT_STOP_279
+#AT_START_280
+at_fn_group_banner 280 'rhbz1715977.at:1' \
"rich rule src/dst with service destination" " " 9
at_xfail=no
(
- printf "%s\n" "277. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "280. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -281865,13 +283541,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_277
-#AT_START_278
-at_fn_group_banner 278 'rhbz1723610.at:1' \
+#AT_STOP_280
+#AT_START_281
+at_fn_group_banner 281 'rhbz1723610.at:1' \
"direct remove-rules per family" " " 9
at_xfail=no
(
- printf "%s\n" "278. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "281. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -282669,13 +284345,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_278
-#AT_START_279
-at_fn_group_banner 279 'rhbz1734765.at:1' \
+#AT_STOP_281
+#AT_START_282
+at_fn_group_banner 282 'rhbz1734765.at:1' \
"zone sources ordered by name" " " 9
at_xfail=no
(
- printf "%s\n" "279. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "282. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -283836,13 +285512,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_279
-#AT_START_280
-at_fn_group_banner 280 'gh567.at:1' \
+#AT_STOP_282
+#AT_START_283
+at_fn_group_banner 283 'gh567.at:1' \
"rich rule source w/ mark action" " " 9
at_xfail=no
(
- printf "%s\n" "280. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "283. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -284203,13 +285879,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_280
-#AT_START_281
-at_fn_group_banner 281 'rhbz1779835.at:1' \
+#AT_STOP_283
+#AT_START_284
+at_fn_group_banner 284 'rhbz1779835.at:1' \
"ipv6 address with brackets" " " 9
at_xfail=no
(
- printf "%s\n" "281. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "284. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -284624,13 +286300,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_281
-#AT_START_282
-at_fn_group_banner 282 'rhbz1779835.at:16' \
+#AT_STOP_284
+#AT_START_285
+at_fn_group_banner 285 'rhbz1779835.at:16' \
"ipv6 address with brackets" " " 9
at_xfail=no
(
- printf "%s\n" "282. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "285. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -285092,13 +286768,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_282
-#AT_START_283
-at_fn_group_banner 283 'gh330.at:1' \
+#AT_STOP_285
+#AT_START_286
+at_fn_group_banner 286 'gh330.at:1' \
"ipset cleanup on reload/stop" " " 9
at_xfail=no
(
- printf "%s\n" "283. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "286. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -286292,13 +287968,13 @@ at_fn_check_skip 99 "$at_srcdir/gh330.at:142"
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_283
-#AT_START_284
-at_fn_group_banner 284 'gh599.at:1' \
+#AT_STOP_286
+#AT_START_287
+at_fn_group_banner 287 'gh599.at:1' \
"writing to log after copytruncate" " " 9
at_xfail=no
(
- printf "%s\n" "284. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "287. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -286632,13 +288308,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_284
-#AT_START_285
-at_fn_group_banner 285 'rhbz1829104.at:1' \
+#AT_STOP_287
+#AT_START_288
+at_fn_group_banner 288 'rhbz1829104.at:1' \
"direct rule in zone chain" " " 9
at_xfail=no
(
- printf "%s\n" "285. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "288. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -287607,13 +289283,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_285
-#AT_START_286
-at_fn_group_banner 286 'rhbz1843398.at:1' \
+#AT_STOP_288
+#AT_START_289
+at_fn_group_banner 289 'rhbz1843398.at:1' \
"rich rule source mac" " " 9
at_xfail=no
(
- printf "%s\n" "286. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "289. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -287964,13 +289640,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_286
-#AT_START_287
-at_fn_group_banner 287 'rhbz1839781.at:1' \
+#AT_STOP_289
+#AT_START_290
+at_fn_group_banner 290 'rhbz1839781.at:1' \
"service RH-Satellite-6" " " 9
at_xfail=no
(
- printf "%s\n" "287. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "290. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -288528,13 +290204,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_287
-#AT_START_288
-at_fn_group_banner 288 'rhbz1689429.at:1' \
+#AT_STOP_290
+#AT_START_291
+at_fn_group_banner 291 'rhbz1689429.at:1' \
"rich rule invalid priority" " " 9
at_xfail=no
(
- printf "%s\n" "288. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "291. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -288889,13 +290565,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_288
-#AT_START_289
-at_fn_group_banner 289 'rhbz1483921.at:1' \
+#AT_STOP_291
+#AT_START_292
+at_fn_group_banner 292 'rhbz1483921.at:1' \
"direct and zone mutually exclusive" " " 9
at_xfail=no
(
- printf "%s\n" "289. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "292. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -289214,13 +290890,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_289
-#AT_START_290
-at_fn_group_banner 290 'rhbz1541077.at:1' \
+#AT_STOP_292
+#AT_START_293
+at_fn_group_banner 293 'rhbz1541077.at:1' \
"hash:mac and family mutually exclusive" " " 9
at_xfail=no
(
- printf "%s\n" "290. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "293. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -289552,13 +291228,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_290
-#AT_START_291
-at_fn_group_banner 291 'rhbz1855140.at:1' \
+#AT_STOP_293
+#AT_START_294
+at_fn_group_banner 294 'rhbz1855140.at:1' \
"rich rule icmptypes with one family" " " 9
at_xfail=no
(
- printf "%s\n" "291. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "294. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -290192,13 +291868,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_291
-#AT_START_292
-at_fn_group_banner 292 'rhbz1871298.at:1' \
+#AT_STOP_294
+#AT_START_295
+at_fn_group_banner 295 'rhbz1871298.at:1' \
"rich rule parsing bottleneck" " " 9
at_xfail=no
(
- printf "%s\n" "292. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "295. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -290584,13 +292260,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_292
-#AT_START_293
-at_fn_group_banner 293 'rhbz1596304.at:1' \
+#AT_STOP_295
+#AT_START_296
+at_fn_group_banner 296 'rhbz1596304.at:1' \
"rich rules strip non-printable characters" " " 9
at_xfail=no
(
- printf "%s\n" "293. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "296. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -290958,13 +292634,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_293
-#AT_START_294
-at_fn_group_banner 294 'gh703.at:1' \
+#AT_STOP_296
+#AT_START_297
+at_fn_group_banner 297 'gh703.at:1' \
"add source with mac address" " " 9
at_xfail=no
(
- printf "%s\n" "294. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "297. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -291261,13 +292937,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_294
-#AT_START_295
-at_fn_group_banner 295 'ipset_netmask_allowed.at:1' \
+#AT_STOP_297
+#AT_START_298
+at_fn_group_banner 298 'ipset_netmask_allowed.at:1' \
"ipset netmask allowed type hash:ip" " " 9
at_xfail=no
(
- printf "%s\n" "295. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "298. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -291754,13 +293430,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_295
-#AT_START_296
-at_fn_group_banner 296 'rhbz1940928.at:1' \
+#AT_STOP_298
+#AT_START_299
+at_fn_group_banner 299 'rhbz1940928.at:1' \
"direct -s/-d multiple addresses" " " 9
at_xfail=no
(
- printf "%s\n" "296. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "299. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -292386,13 +294062,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_296
-#AT_START_297
-at_fn_group_banner 297 'rhbz1936896.at:1' \
+#AT_STOP_299
+#AT_START_300
+at_fn_group_banner 300 'rhbz1936896.at:1' \
"ipset type hash:net,net" " " 9
at_xfail=no
(
- printf "%s\n" "297. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "300. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -292818,13 +294494,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_297
-#AT_START_298
-at_fn_group_banner 298 'gh795.at:1' \
+#AT_STOP_300
+#AT_START_301
+at_fn_group_banner 301 'gh795.at:1' \
"ipset entry delete w/ timeout=0" " " 9
at_xfail=no
(
- printf "%s\n" "298. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "301. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -293455,13 +295131,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_298
-#AT_START_299
-at_fn_group_banner 299 'rhbz1914935.at:1' \
+#AT_STOP_301
+#AT_START_302
+at_fn_group_banner 302 'rhbz1914935.at:1' \
"zone overlapping ports" " " 9
at_xfail=no
(
- printf "%s\n" "299. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "302. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -294029,13 +295705,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_299
-#AT_START_300
-at_fn_group_banner 300 'gh696.at:1' \
+#AT_STOP_302
+#AT_START_303
+at_fn_group_banner 303 'gh696.at:1' \
"icmp-block-inversion no log blocked" " " 9
at_xfail=no
(
- printf "%s\n" "300. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "303. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -294782,13 +296458,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_300
-#AT_START_301
-at_fn_group_banner 301 'rhbz1917766.at:1' \
+#AT_STOP_303
+#AT_START_304
+at_fn_group_banner 304 'rhbz1917766.at:1' \
"rich rule source with netmask" " " 9
at_xfail=no
(
- printf "%s\n" "301. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "304. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -295172,13 +296848,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_301
-#AT_START_302
-at_fn_group_banner 302 'rhbz2014383.at:1' \
+#AT_STOP_304
+#AT_START_305
+at_fn_group_banner 305 'rhbz2014383.at:1' \
"same source in two zone xml" " " 9
at_xfail=no
(
- printf "%s\n" "302. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "305. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -295553,13 +297229,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_302
-#AT_START_303
-at_fn_group_banner 303 'gh874.at:1' \
+#AT_STOP_305
+#AT_START_306
+at_fn_group_banner 306 'gh874.at:1' \
"policy masquerade w/ ingress interface" " " 9
at_xfail=no
(
- printf "%s\n" "303. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "306. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -296032,13 +297708,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_303
-#AT_START_304
-at_fn_group_banner 304 'gh881.at:1' \
+#AT_STOP_306
+#AT_START_307
+at_fn_group_banner 307 'gh881.at:1' \
"ipset entry overlap detect perf" " " 9
at_xfail=no
(
- printf "%s\n" "304. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "307. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -296520,13 +298196,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_304
-#AT_START_305
-at_fn_group_banner 305 'service_includes_for_builtin.at:1' \
+#AT_STOP_307
+#AT_START_308
+at_fn_group_banner 308 'service_includes_for_builtin.at:1' \
"service include for built-in" " " 9
at_xfail=no
(
- printf "%s\n" "305. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "308. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -297018,13 +298694,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_305
-#AT_START_306
-at_fn_group_banner 306 'gh940.at:1' \
+#AT_STOP_308
+#AT_START_309
+at_fn_group_banner 309 'gh940.at:1' \
"log prefix" " " 9
at_xfail=no
(
- printf "%s\n" "306. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "309. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -297683,13 +299359,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_306
-#AT_START_307
-at_fn_group_banner 307 'build_policy_split_wildcard.at:1' \
+#AT_STOP_309
+#AT_START_310
+at_fn_group_banner 310 'build_policy_split_wildcard.at:1' \
"build policy split wildcards" " " 9
at_xfail=no
(
- printf "%s\n" "307. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "310. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -298224,13 +299900,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_307
-#AT_START_308
-at_fn_group_banner 308 'gh1011.at:1' \
+#AT_STOP_310
+#AT_START_311
+at_fn_group_banner 311 'gh1011.at:1' \
"remove entries results in empty" " " 9
at_xfail=no
(
- printf "%s\n" "308. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "311. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -298643,13 +300319,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_308
-#AT_START_309
-at_fn_group_banner 309 'rhbz2181406.at:1' \
+#AT_STOP_311
+#AT_START_312
+at_fn_group_banner 312 'rhbz2181406.at:1' \
"rich rule limit" " " 9
at_xfail=no
(
- printf "%s\n" "309. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "312. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -299156,13 +300832,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_309
-#AT_START_310
-at_fn_group_banner 310 'ipset_scale.at:1' \
+#AT_STOP_312
+#AT_START_313
+at_fn_group_banner 313 'ipset_scale.at:1' \
"ipset scale" " " 9
at_xfail=no
(
- printf "%s\n" "310. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "313. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -299558,13 +301234,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_310
-#AT_START_311
-at_fn_group_banner 311 'gh1129.at:16' \
+#AT_STOP_313
+#AT_START_314
+at_fn_group_banner 314 'gh1129.at:16' \
"switch backend to nftables and reload" " " 9
at_xfail=no
(
- printf "%s\n" "311. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "314. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -299909,13 +301585,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_311
-#AT_START_312
-at_fn_group_banner 312 'gh1146.at:1' \
+#AT_STOP_314
+#AT_START_315
+at_fn_group_banner 315 'gh1146.at:1' \
"policy with mixed family zone source" " " 9
at_xfail=no
(
- printf "%s\n" "312. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "315. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -300618,13 +302294,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_312
-#AT_START_313
-at_fn_group_banner 313 'gh1152.at:1' \
+#AT_STOP_315
+#AT_START_316
+at_fn_group_banner 316 'gh1152.at:1' \
"list-all identical content" " " 9
at_xfail=no
(
- printf "%s\n" "313. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "316. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -301689,13 +303365,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_313
-#AT_START_314
-at_fn_group_banner 314 'rhbz2222044.at:1' \
+#AT_STOP_316
+#AT_START_317
+at_fn_group_banner 317 'rhbz2222044.at:1' \
"duplicate rules after restart" " " 9
at_xfail=no
(
- printf "%s\n" "314. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "317. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -302454,13 +304130,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_314
-#AT_START_315
-at_fn_group_banner 315 'gh1229.at:1' \
+#AT_STOP_317
+#AT_START_318
+at_fn_group_banner 318 'gh1229.at:1' \
"policy dispatch with egress-zone=ANY" " " 9
at_xfail=no
(
- printf "%s\n" "315. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "318. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -303206,13 +304882,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_315
-#AT_START_316
-at_fn_group_banner 316 'gh1278.at:1' \
+#AT_STOP_318
+#AT_START_319
+at_fn_group_banner 319 'gh1278.at:1' \
"policy dispatch update if active" " " 9
at_xfail=no
(
- printf "%s\n" "316. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "319. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -303992,13 +305668,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_316
-#AT_START_317
-at_fn_group_banner 317 'gh1406.at:1' \
+#AT_STOP_319
+#AT_START_320
+at_fn_group_banner 320 'gh1406.at:1' \
"ipset iface" " " 9
at_xfail=no
(
- printf "%s\n" "317. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "320. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -304212,8 +305888,606 @@ _ATEOF
DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" `
if test $? -ne 0; then
- printf "%s\n" "gh1406.at:1" >"$at_check_line_file"
-at_fn_check_skip 99 "$at_srcdir/gh1406.at:1"
+ printf "%s\n" "gh1406.at:1" >"$at_check_line_file"
+at_fn_check_skip 99 "$at_srcdir/gh1406.at:1"
+ fi
+ echo "kill $DBUS_PID" >> ./cleanup_late
+
+
+
+
+
+
+
+ FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --log-target file --system-config ./"
+ ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}"
+ if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then
+ FIREWALLD_ARGS="${FIREWALLD_ARGS} --default-config ${FIREWALLD_DEFAULT_CONFIG}"
+ fi
+
+ env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS &
+ if test $? -ne 0; then
+ printf "%s\n" "gh1406.at:1" >"$at_check_line_file"
+at_fn_check_skip 99 "$at_srcdir/gh1406.at:1"
+ fi
+ echo "$!" > firewalld.pid
+
+ WANTED_CODE=""
+ up=0
+ for I in $(seq 60); do
+ env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state
+ RC=$?
+ echo "exit code = ${RC}"
+ if test ${RC} -eq ${WANTED_CODE:-0}; then
+ up=1
+ break
+ fi
+ sleep 1
+ done
+ printf "%s\n" "gh1406.at:1" >"$at_check_line_file"
+(test $up -ne 1) \
+ && at_fn_check_skip 99 "$at_srcdir/gh1406.at:1"
+
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/gh1406.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset foobar --type hash:net,iface "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh1406.at:4"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset foobar --type hash:net,iface
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+echo stdout:; cat "$at_stdout"
+at_fn_check_status 0 $at_status "$at_srcdir/gh1406.at:4"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/gh1406.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset foobar --add-entry 10.10.10.0/24,dummy0 "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh1406.at:5"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset foobar --add-entry 10.10.10.0/24,dummy0
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+echo stdout:; cat "$at_stdout"
+at_fn_check_status 0 $at_status "$at_srcdir/gh1406.at:5"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/gh1406.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone internal --add-source ipset:foobar "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh1406.at:6"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone internal --add-source ipset:foobar
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+echo stdout:; cat "$at_stdout"
+at_fn_check_status 0 $at_status "$at_srcdir/gh1406.at:6"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/gh1406.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy blah "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh1406.at:8"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy blah
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+echo stdout:; cat "$at_stdout"
+at_fn_check_status 0 $at_status "$at_srcdir/gh1406.at:8"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/gh1406.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy blah --add-ingress-zone HOST "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh1406.at:9"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy blah --add-ingress-zone HOST
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+echo stdout:; cat "$at_stdout"
+at_fn_check_status 0 $at_status "$at_srcdir/gh1406.at:9"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/gh1406.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy blah --add-egress-zone internal "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh1406.at:10"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy blah --add-egress-zone internal
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+echo stdout:; cat "$at_stdout"
+at_fn_check_status 0 $at_status "$at_srcdir/gh1406.at:10"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/gh1406.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh1406.at:11"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/gh1406.at:11"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/gh1406.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh1406.at:11"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/gh1406.at:11"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/gh1406.at:37: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\"
+ { { { { \$IPTABLES -w -n -t filter -L INPUT_POLICIES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 | sed -e 's/[ ]ipv6-icmp\\([ -]\\)/ icmpv6\\1/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]all/\\1 0/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]tcp/\\1 6/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]udp/\\1 17/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]icmpv6/\\1 58 /g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]icmp/\\1 1/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]sctp/\\1 132/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]dccp/\\1 33/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]\\+\\([^ ]*\\)[ ]\\+[-]\\?[-]\\?[ ]\\?/\\1 \\2 -- /g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1
+HERE
+ "
+at_fn_check_prepare_notrace 'a $(...) command substitution' "gh1406.at:37"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE"
+ { { { { $IPTABLES -w -n -t filter -L INPUT_POLICIES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 | sed -e 's/[ ]ipv6-icmp\([ -]\)/ icmpv6\1/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]all/\1 0/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]tcp/\1 6/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]udp/\1 17/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]icmpv6/\1 58 /g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]icmp/\1 1/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]sctp/\1 132/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]dccp/\1 33/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]\+\([^ ]*\)[ ]\+[-]\?[-]\?[ ]\?/\1 \2 -- /g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1
+HERE
+
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+echo >>"$at_stdout"; printf "%s\n" "IN_allow-host-ipv6 0 -- 0.0.0.0/0 0.0.0.0/0 match-set foobar src,src
+IN_internal 0 -- 0.0.0.0/0 0.0.0.0/0 match-set foobar src,src
+REJECT 0 -- 0.0.0.0/0 0.0.0.0/0 match-set foobar src,src reject-with icmp-port-unreachable
+IN_allow-host-ipv6 0 -- 0.0.0.0/0 0.0.0.0/0
+IN_public 0 -- 0.0.0.0/0 0.0.0.0/0
+REJECT 0 -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
+" | \
+ $at_diff - "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/gh1406.at:37"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+
+
+
+
+ if $IP6TABLES -L >/dev/null 2>&1; then
+ :
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/gh1406.at:45: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\"
+ { { { { \$IP6TABLES -w -n -t filter -L INPUT_POLICIES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 | sed -e 's/[ ]ipv6-icmp\\([ -]\\)/ icmpv6\\1/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]all/\\1 0/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]tcp/\\1 6/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]udp/\\1 17/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]icmpv6/\\1 58 /g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]icmp/\\1 1/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]sctp/\\1 132/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]dccp/\\1 33/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]\\+\\([^ ]*\\)[ ]\\+[-]\\?[-]\\?[ ]\\?/\\1 \\2 -- /g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1
+HERE
+ "
+at_fn_check_prepare_notrace 'a $(...) command substitution' "gh1406.at:45"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE"
+ { { { { $IP6TABLES -w -n -t filter -L INPUT_POLICIES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 | sed -e 's/[ ]ipv6-icmp\([ -]\)/ icmpv6\1/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]all/\1 0/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]tcp/\1 6/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]udp/\1 17/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]icmpv6/\1 58 /g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]icmp/\1 1/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]sctp/\1 132/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]dccp/\1 33/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]\+\([^ ]*\)[ ]\+[-]\?[-]\?[ ]\?/\1 \2 -- /g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1
+HERE
+
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+echo >>"$at_stdout"; printf "%s\n" "IN_allow-host-ipv6 0 -- ::/0 ::/0
+IN_public 0 -- ::/0 ::/0
+REJECT 0 -- ::/0 ::/0 reject-with icmp6-port-unreachable
+" | \
+ $at_diff - "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/gh1406.at:45"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+ else
+ :
+
+ fi
+
+
+
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/gh1406.at:50: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\"
+ { { { { \$IPTABLES -w -n -t filter -L OUTPUT_POLICIES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 | sed -e 's/[ ]ipv6-icmp\\([ -]\\)/ icmpv6\\1/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]all/\\1 0/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]tcp/\\1 6/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]udp/\\1 17/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]icmpv6/\\1 58 /g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]icmp/\\1 1/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]sctp/\\1 132/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]dccp/\\1 33/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]\\+\\([^ ]*\\)[ ]\\+[-]\\?[-]\\?[ ]\\?/\\1 \\2 -- /g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1
+HERE
+ "
+at_fn_check_prepare_notrace 'a $(...) command substitution' "gh1406.at:50"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE"
+ { { { { $IPTABLES -w -n -t filter -L OUTPUT_POLICIES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 | sed -e 's/[ ]ipv6-icmp\([ -]\)/ icmpv6\1/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]all/\1 0/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]tcp/\1 6/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]udp/\1 17/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]icmpv6/\1 58 /g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]icmp/\1 1/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]sctp/\1 132/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]dccp/\1 33/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]\+\([^ ]*\)[ ]\+[-]\?[-]\?[ ]\?/\1 \2 -- /g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1
+HERE
+
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+echo >>"$at_stdout"; printf "%s\n" "OUT_blah 0 -- 0.0.0.0/0 0.0.0.0/0 match-set foobar dst,dst
+OUT_internal 0 -- 0.0.0.0/0 0.0.0.0/0 match-set foobar dst,dst
+RETURN 0 -- 0.0.0.0/0 0.0.0.0/0 match-set foobar dst,dst
+OUT_public 0 -- 0.0.0.0/0 0.0.0.0/0
+RETURN 0 -- 0.0.0.0/0 0.0.0.0/0
+" | \
+ $at_diff - "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/gh1406.at:50"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+
+
+
+
+ if $IP6TABLES -L >/dev/null 2>&1; then
+ :
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/gh1406.at:57: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\"
+ { { { { \$IP6TABLES -w -n -t filter -L OUTPUT_POLICIES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 | sed -e 's/[ ]ipv6-icmp\\([ -]\\)/ icmpv6\\1/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]all/\\1 0/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]tcp/\\1 6/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]udp/\\1 17/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]icmpv6/\\1 58 /g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]icmp/\\1 1/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]sctp/\\1 132/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]dccp/\\1 33/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]\\+\\([^ ]*\\)[ ]\\+[-]\\?[-]\\?[ ]\\?/\\1 \\2 -- /g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1
+HERE
+ "
+at_fn_check_prepare_notrace 'a $(...) command substitution' "gh1406.at:57"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE"
+ { { { { $IP6TABLES -w -n -t filter -L OUTPUT_POLICIES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 | sed -e 's/[ ]ipv6-icmp\([ -]\)/ icmpv6\1/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]all/\1 0/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]tcp/\1 6/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]udp/\1 17/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]icmpv6/\1 58 /g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]icmp/\1 1/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]sctp/\1 132/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]dccp/\1 33/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]\+\([^ ]*\)[ ]\+[-]\?[-]\?[ ]\?/\1 \2 -- /g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1
+HERE
+
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+echo >>"$at_stdout"; printf "%s\n" "OUT_public 0 -- ::/0 ::/0
+RETURN 0 -- ::/0 ::/0
+" | \
+ $at_diff - "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/gh1406.at:57"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+ else
+ :
+
+ fi
+
+
+
+
+
+
+
+
+ if test x"" != x"ignore"; then
+ printf "%s\n" "gh1406.at:62" >"$at_check_line_file"
+(cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \
+ && at_fn_check_skip 99 "$at_srcdir/gh1406.at:62"
+ fi
+
+
+
+ set +x
+ $at_times_p && times >"$at_times_file"
+) 5>&1 2>&1 7>&- | eval $at_tee_pipe
+read at_status <"$at_status_file"
+#AT_STOP_320
+#AT_START_321
+at_fn_group_banner 321 'RHEL-67103.at:1' \
+ "rich rule invalid ipset" " " 9
+at_xfail=no
+(
+ printf "%s\n" "321. $at_setup_line: testing $at_desc ..."
+ $at_traceon
+
+
+
+
+
+
+
+
+
+ test -z "$PYTHON" && export PYTHON="python3"
+ test -z "$EBTABLES" && export EBTABLES="ebtables"
+ test -z "$IPTABLES" && export IPTABLES="iptables"
+ test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore"
+ test -z "$IP6TABLES" && export IP6TABLES="ip6tables"
+ test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore"
+ test -z "$IPSET" && export IPSET="ipset"
+ test -z "$PODMAN" && export PODMAN="podman"
+
+ if locale -a |grep "^C.utf8" >/dev/null; then
+ LC_ALL="C.UTF-8"
+ export LC_ALL
+ fi
+
+ ULIMIT_VAL=""
+ if test -z "$ULIMIT_VAL" ; then
+ ULIMIT_VAL=102400
+ fi
+ if test "$ULIMIT_VAL" -ne 0 ; then
+ ulimit -d "$ULIMIT_VAL"
+ fi
+
+ if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then
+ { set +x
+printf "%s\n" "$at_srcdir/RHEL-67103.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi"
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "RHEL-67103.at:1"
+( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/RHEL-67103.at:1"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+ else
+ { set +x
+printf "%s\n" "$at_srcdir/RHEL-67103.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi"
+at_fn_check_prepare_trace "RHEL-67103.at:1"
+( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/RHEL-67103.at:1"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+ fi
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/RHEL-67103.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf"
+at_fn_check_prepare_trace "RHEL-67103.at:1"
+( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/RHEL-67103.at:1"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+ kill_firewalld() {
+
+ pid=$(cat firewalld.pid)
+ kill $pid
+ for I in 1 2 3 4 5 6 7 8 9 0; do
+ ps --pid $pid >/dev/null || { pid=0; break; }
+ sleep 1
+ done
+ test $pid -eq 0 || { kill -9 $pid; sleep 3; }
+
+ }
+ kill_networkmanager() {
+ if test -f networkmanager.pid; then
+
+ pid=$(cat networkmanager.pid)
+ kill $pid
+ for I in 1 2 3 4 5 6 7 8 9 0; do
+ ps --pid $pid >/dev/null || { pid=0; break; }
+ sleep 1
+ done
+ test $pid -eq 0 || { kill -9 $pid; sleep 3; }
+
+ fi
+ }
+
+ echo "" > cleanup
+ echo "" > cleanup_late
+ trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT
+
+
+
+
+
+ echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late
+ { set +x
+printf "%s\n" "$at_srcdir/RHEL-67103.at:1: ip netns add fwd-test-\${at_group_normalized}"
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "RHEL-67103.at:1"
+( $at_check_trace; ip netns add fwd-test-${at_group_normalized}
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/RHEL-67103.at:1"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+ printf "%s\n" "RHEL-67103.at:1" >"$at_check_line_file"
+(! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \
+ && at_fn_check_skip 77 "$at_srcdir/RHEL-67103.at:1"
+
+
+
+
+ cat >./dbus.conf <<'_ATEOF'
+
+ <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+ <busconfig>
+ <fork />
+ <auth>EXTERNAL</auth>
+ <listen>unix:path=/tmp/dummy</listen>
+ <policy context="default">
+ <allow user="*"/>
+ <allow send_type="signal"/>
+ <allow send_requested_reply="true" send_type="method_return"/>
+ <allow send_requested_reply="true" send_type="error"/>
+ <allow receive_type="method_call"/>
+ <allow receive_type="method_return"/>
+ <allow receive_type="error"/>
+ <allow receive_type="signal"/>
+ <allow send_destination="org.freedesktop.DBus"/>
+ </policy>
+ <!-- from .../config/FirewallD.conf -->
+ <policy user="root">
+ <allow own="org.fedoraproject.FirewallD1"/>
+ <allow own="org.fedoraproject.FirewallD1.config"/>
+ <allow send_destination="org.fedoraproject.FirewallD1"/>
+ <allow send_destination="org.fedoraproject.FirewallD1.config"/>
+ </policy>
+ <policy context="default">
+ <allow send_destination="org.fedoraproject.FirewallD1"/>
+ <allow send_destination="org.fedoraproject.FirewallD1"
+ send_interface="org.freedesktop.DBus.Introspectable"/>
+ <allow send_destination="org.fedoraproject.FirewallD1"
+ send_interface="org.freedesktop.DBus.Properties"/>
+ <allow send_destination="org.fedoraproject.FirewallD1.config"/>
+ </policy>
+
+ <!-- from org.freedesktop.NetworkManager.conf -->
+ <policy user="root">
+ <allow own="org.freedesktop.NetworkManager"/>
+ <allow send_destination="org.freedesktop.NetworkManager"/>
+
+ <allow send_destination="org.freedesktop.NetworkManager"
+ send_interface="org.freedesktop.NetworkManager.PPP"/>
+
+ <allow send_interface="org.freedesktop.NetworkManager.SecretAgent"/>
+ <!-- These are there because some broken policies do
+ <deny send_interface="..." /> (see dbus-daemon(8) for details).
+ This seems to override that for the known VPN plugins.
+ -->
+ <allow send_destination="org.freedesktop.NetworkManager.openconnect"/>
+ <allow send_destination="org.freedesktop.NetworkManager.openswan"/>
+ <allow send_destination="org.freedesktop.NetworkManager.openvpn"/>
+ <allow send_destination="org.freedesktop.NetworkManager.pptp"/>
+ <allow send_destination="org.freedesktop.NetworkManager.vpnc"/>
+ <allow send_destination="org.freedesktop.NetworkManager.ssh"/>
+ <allow send_destination="org.freedesktop.NetworkManager.iodine"/>
+ <allow send_destination="org.freedesktop.NetworkManager.l2tp"/>
+ <allow send_destination="org.freedesktop.NetworkManager.libreswan"/>
+ <allow send_destination="org.freedesktop.NetworkManager.fortisslvpn"/>
+ <allow send_destination="org.freedesktop.NetworkManager.strongswan"/>
+ <allow send_interface="org.freedesktop.NetworkManager.VPN.Plugin"/>
+
+ <allow send_destination="org.fedoraproject.FirewallD1"/>
+
+ <!-- Allow the custom name for the dnsmasq instance spawned by NM
+ from the dns dnsmasq plugin to own it's dbus name, and for
+ messages to be sent to it.
+ -->
+ <allow own="org.freedesktop.NetworkManager.dnsmasq"/>
+ <allow send_destination="org.freedesktop.NetworkManager.dnsmasq"/>
+ </policy>
+ </busconfig>
+_ATEOF
+
+
+ DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" `
+ if test $? -ne 0; then
+ printf "%s\n" "RHEL-67103.at:1" >"$at_check_line_file"
+at_fn_check_skip 99 "$at_srcdir/RHEL-67103.at:1"
fi
echo "kill $DBUS_PID" >> ./cleanup_late
@@ -304231,8 +306505,8 @@ at_fn_check_skip 99 "$at_srcdir/gh1406.at:1"
env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS &
if test $? -ne 0; then
- printf "%s\n" "gh1406.at:1" >"$at_check_line_file"
-at_fn_check_skip 99 "$at_srcdir/gh1406.at:1"
+ printf "%s\n" "RHEL-67103.at:1" >"$at_check_line_file"
+at_fn_check_skip 99 "$at_srcdir/RHEL-67103.at:1"
fi
echo "$!" > firewalld.pid
@@ -304248,9 +306522,9 @@ at_fn_check_skip 99 "$at_srcdir/gh1406.at:1"
fi
sleep 1
done
- printf "%s\n" "gh1406.at:1" >"$at_check_line_file"
+ printf "%s\n" "RHEL-67103.at:1" >"$at_check_line_file"
(test $up -ne 1) \
- && at_fn_check_skip 99 "$at_srcdir/gh1406.at:1"
+ && at_fn_check_skip 99 "$at_srcdir/RHEL-67103.at:1"
@@ -304260,15 +306534,15 @@ at_fn_check_skip 99 "$at_srcdir/gh1406.at:1"
{ set +x
-printf "%s\n" "$at_srcdir/gh1406.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset foobar --type hash:net,iface "
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh1406.at:4"
-( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset foobar --type hash:net,iface
+printf "%s\n" "$at_srcdir/RHEL-67103.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset thisexists --type=hash:net "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "RHEL-67103.at:5"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset thisexists --type=hash:net
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/gh1406.at:4"
+at_fn_check_status 0 $at_status "$at_srcdir/RHEL-67103.at:5"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -304279,15 +306553,15 @@ $at_traceon; }
{ set +x
-printf "%s\n" "$at_srcdir/gh1406.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset foobar --add-entry 10.10.10.0/24,dummy0 "
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh1406.at:5"
-( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset foobar --add-entry 10.10.10.0/24,dummy0
+printf "%s\n" "$at_srcdir/RHEL-67103.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule=\"rule family=ipv4 source ipset=thisexists accept\" "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "RHEL-67103.at:6"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source ipset=thisexists accept"
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/gh1406.at:5"
+at_fn_check_status 0 $at_status "$at_srcdir/RHEL-67103.at:6"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -304298,15 +306572,15 @@ $at_traceon; }
{ set +x
-printf "%s\n" "$at_srcdir/gh1406.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone internal --add-source ipset:foobar "
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh1406.at:6"
-( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone internal --add-source ipset:foobar
+printf "%s\n" "$at_srcdir/RHEL-67103.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule=\"rule family=ipv4 destination ipset=thisexists accept\" "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "RHEL-67103.at:7"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule="rule family=ipv4 destination ipset=thisexists accept"
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/gh1406.at:6"
+at_fn_check_status 0 $at_status "$at_srcdir/RHEL-67103.at:7"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -304318,15 +306592,15 @@ $at_traceon; }
{ set +x
-printf "%s\n" "$at_srcdir/gh1406.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy blah "
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh1406.at:8"
-( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy blah
+printf "%s\n" "$at_srcdir/RHEL-67103.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "RHEL-67103.at:8"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/gh1406.at:8"
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/RHEL-67103.at:8"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -304337,15 +306611,15 @@ $at_traceon; }
{ set +x
-printf "%s\n" "$at_srcdir/gh1406.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy blah --add-ingress-zone HOST "
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh1406.at:9"
-( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy blah --add-ingress-zone HOST
+printf "%s\n" "$at_srcdir/RHEL-67103.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "RHEL-67103.at:8"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/gh1406.at:9"
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/RHEL-67103.at:8"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -304355,36 +306629,18 @@ $at_traceon; }
- { set +x
-printf "%s\n" "$at_srcdir/gh1406.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy blah --add-egress-zone internal "
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh1406.at:10"
-( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy blah --add-egress-zone internal
-) >>"$at_stdout" 2>>"$at_stderr" 5>&-
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/gh1406.at:10"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-
-
-
-
-
{ set +x
-printf "%s\n" "$at_srcdir/gh1406.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload "
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh1406.at:11"
-( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload
+printf "%s\n" "$at_srcdir/RHEL-67103.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule=\"rule family=ipv4 source ipset=doesnotexist accept\" "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "RHEL-67103.at:11"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule="rule family=ipv4 source ipset=doesnotexist accept"
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/gh1406.at:11"
+echo stderr:; cat "$at_stderr"
+echo stdout:; cat "$at_stdout"
+at_fn_check_status 135 $at_status "$at_srcdir/RHEL-67103.at:11"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -304395,15 +306651,15 @@ $at_traceon; }
{ set +x
-printf "%s\n" "$at_srcdir/gh1406.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state "
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh1406.at:11"
-( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state
+printf "%s\n" "$at_srcdir/RHEL-67103.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule=\"rule family=ipv4 source ipset=doesnotexist accept\" "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "RHEL-67103.at:12"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source ipset=doesnotexist accept"
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/gh1406.at:11"
+echo stderr:; cat "$at_stderr"
+echo stdout:; cat "$at_stdout"
+at_fn_check_status 135 $at_status "$at_srcdir/RHEL-67103.at:12"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -304413,40 +306669,16 @@ $at_traceon; }
-
-
-
-
-
-
-
-
-
-
-
{ set +x
-printf "%s\n" "$at_srcdir/gh1406.at:37: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\"
- { { { { \$IPTABLES -w -n -t filter -L INPUT_POLICIES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 | sed -e 's/[ ]ipv6-icmp\\([ -]\\)/ icmpv6\\1/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]all/\\1 0/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]tcp/\\1 6/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]udp/\\1 17/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]icmpv6/\\1 58 /g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]icmp/\\1 1/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]sctp/\\1 132/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]dccp/\\1 33/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]\\+\\([^ ]*\\)[ ]\\+[-]\\?[-]\\?[ ]\\?/\\1 \\2 -- /g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1
-HERE
- "
-at_fn_check_prepare_notrace 'a $(...) command substitution' "gh1406.at:37"
-( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE"
- { { { { $IPTABLES -w -n -t filter -L INPUT_POLICIES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 | sed -e 's/[ ]ipv6-icmp\([ -]\)/ icmpv6\1/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]all/\1 0/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]tcp/\1 6/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]udp/\1 17/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]icmpv6/\1 58 /g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]icmp/\1 1/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]sctp/\1 132/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]dccp/\1 33/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]\+\([^ ]*\)[ ]\+[-]\?[-]\?[ ]\?/\1 \2 -- /g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1
-HERE
-
+printf "%s\n" "$at_srcdir/RHEL-67103.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule=\"rule family=ipv4 destination ipset=doesnotexist accept\" "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "RHEL-67103.at:13"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule="rule family=ipv4 destination ipset=doesnotexist accept"
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo >>"$at_stdout"; printf "%s\n" "IN_allow-host-ipv6 0 -- 0.0.0.0/0 0.0.0.0/0 match-set foobar src,src
-IN_internal 0 -- 0.0.0.0/0 0.0.0.0/0 match-set foobar src,src
-REJECT 0 -- 0.0.0.0/0 0.0.0.0/0 match-set foobar src,src reject-with icmp-port-unreachable
-IN_allow-host-ipv6 0 -- 0.0.0.0/0 0.0.0.0/0
-IN_public 0 -- 0.0.0.0/0 0.0.0.0/0
-REJECT 0 -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
-" | \
- $at_diff - "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/gh1406.at:37"
+echo stderr:; cat "$at_stderr"
+echo stdout:; cat "$at_stdout"
+at_fn_check_status 135 $at_status "$at_srcdir/RHEL-67103.at:13"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -304456,75 +306688,53 @@ $at_traceon; }
-
-
-
-
- if $IP6TABLES -L >/dev/null 2>&1; then
- :
-
-
{ set +x
-printf "%s\n" "$at_srcdir/gh1406.at:45: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\"
- { { { { \$IP6TABLES -w -n -t filter -L INPUT_POLICIES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 | sed -e 's/[ ]ipv6-icmp\\([ -]\\)/ icmpv6\\1/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]all/\\1 0/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]tcp/\\1 6/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]udp/\\1 17/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]icmpv6/\\1 58 /g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]icmp/\\1 1/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]sctp/\\1 132/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]dccp/\\1 33/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]\\+\\([^ ]*\\)[ ]\\+[-]\\?[-]\\?[ ]\\?/\\1 \\2 -- /g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1
-HERE
- "
-at_fn_check_prepare_notrace 'a $(...) command substitution' "gh1406.at:45"
-( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE"
- { { { { $IP6TABLES -w -n -t filter -L INPUT_POLICIES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 | sed -e 's/[ ]ipv6-icmp\([ -]\)/ icmpv6\1/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]all/\1 0/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]tcp/\1 6/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]udp/\1 17/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]icmpv6/\1 58 /g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]icmp/\1 1/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]sctp/\1 132/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]dccp/\1 33/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]\+\([^ ]*\)[ ]\+[-]\?[-]\?[ ]\?/\1 \2 -- /g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1
-HERE
-
+printf "%s\n" "$at_srcdir/RHEL-67103.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule=\"rule family=ipv4 destination ipset=doesnotexist accept\" "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "RHEL-67103.at:14"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule="rule family=ipv4 destination ipset=doesnotexist accept"
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo >>"$at_stdout"; printf "%s\n" "IN_allow-host-ipv6 0 -- ::/0 ::/0
-IN_public 0 -- ::/0 ::/0
-REJECT 0 -- ::/0 ::/0 reject-with icmp6-port-unreachable
-" | \
- $at_diff - "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/gh1406.at:45"
+echo stderr:; cat "$at_stderr"
+echo stdout:; cat "$at_stdout"
+at_fn_check_status 135 $at_status "$at_srcdir/RHEL-67103.at:14"
$at_failed && at_fn_log_failure
$at_traceon; }
- else
- :
-
- fi
-
-
-
+cat >./zones/broken.xml <<'_ATEOF'
+<?xml version="1.0" encoding="utf-8"?>
+<zone>
+<short>broken</short>
+<rule family="ipv4">
+<source ipset="doesnotexist"/>
+<accept/>
+</rule>
+<rule family="ipv4">
+<destination ipset="doesnotexist"/>
+<accept/>
+</rule>
+<forward/>
+</zone>
+_ATEOF
{ set +x
-printf "%s\n" "$at_srcdir/gh1406.at:50: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\"
- { { { { \$IPTABLES -w -n -t filter -L OUTPUT_POLICIES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 | sed -e 's/[ ]ipv6-icmp\\([ -]\\)/ icmpv6\\1/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]all/\\1 0/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]tcp/\\1 6/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]udp/\\1 17/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]icmpv6/\\1 58 /g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]icmp/\\1 1/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]sctp/\\1 132/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]dccp/\\1 33/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]\\+\\([^ ]*\\)[ ]\\+[-]\\?[-]\\?[ ]\\?/\\1 \\2 -- /g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1
-HERE
- "
-at_fn_check_prepare_notrace 'a $(...) command substitution' "gh1406.at:50"
-( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE"
- { { { { $IPTABLES -w -n -t filter -L OUTPUT_POLICIES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 | sed -e 's/[ ]ipv6-icmp\([ -]\)/ icmpv6\1/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]all/\1 0/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]tcp/\1 6/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]udp/\1 17/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]icmpv6/\1 58 /g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]icmp/\1 1/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]sctp/\1 132/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]dccp/\1 33/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]\+\([^ ]*\)[ ]\+[-]\?[-]\?[ ]\?/\1 \2 -- /g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1
-HERE
-
+printf "%s\n" "$at_srcdir/RHEL-67103.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "RHEL-67103.at:32"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo >>"$at_stdout"; printf "%s\n" "OUT_blah 0 -- 0.0.0.0/0 0.0.0.0/0 match-set foobar dst,dst
-OUT_internal 0 -- 0.0.0.0/0 0.0.0.0/0 match-set foobar dst,dst
-RETURN 0 -- 0.0.0.0/0 0.0.0.0/0 match-set foobar dst,dst
-OUT_public 0 -- 0.0.0.0/0 0.0.0.0/0
-RETURN 0 -- 0.0.0.0/0 0.0.0.0/0
-" | \
- $at_diff - "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/gh1406.at:50"
+echo stderr:; cat "$at_stderr"
+echo stdout:; cat "$at_stdout"
+at_fn_check_status 135 $at_status "$at_srcdir/RHEL-67103.at:32"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -304534,54 +306744,30 @@ $at_traceon; }
-
-
-
-
- if $IP6TABLES -L >/dev/null 2>&1; then
- :
-
-
{ set +x
-printf "%s\n" "$at_srcdir/gh1406.at:57: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\"
- { { { { \$IP6TABLES -w -n -t filter -L OUTPUT_POLICIES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 | sed -e 's/[ ]ipv6-icmp\\([ -]\\)/ icmpv6\\1/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]all/\\1 0/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]tcp/\\1 6/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]udp/\\1 17/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]icmpv6/\\1 58 /g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]icmp/\\1 1/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]sctp/\\1 132/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]dccp/\\1 33/g' -e 's/^\\([-a-zA-Z0-9_]\\+\\)[ ]\\+\\([^ ]*\\)[ ]\\+[-]\\?[-]\\?[ ]\\?/\\1 \\2 -- /g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1
-HERE
- "
-at_fn_check_prepare_notrace 'a $(...) command substitution' "gh1406.at:57"
-( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE"
- { { { { $IP6TABLES -w -n -t filter -L OUTPUT_POLICIES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 | sed -e 's/[ ]ipv6-icmp\([ -]\)/ icmpv6\1/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]all/\1 0/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]tcp/\1 6/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]udp/\1 17/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]icmpv6/\1 58 /g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]icmp/\1 1/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]sctp/\1 132/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]dccp/\1 33/g' -e 's/^\([-a-zA-Z0-9_]\+\)[ ]\+\([^ ]*\)[ ]\+[-]\?[-]\?[ ]\?/\1 \2 -- /g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1
-HERE
-
+printf "%s\n" "$at_srcdir/RHEL-67103.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "RHEL-67103.at:32"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo >>"$at_stdout"; printf "%s\n" "OUT_public 0 -- ::/0 ::/0
-RETURN 0 -- ::/0 ::/0
-" | \
- $at_diff - "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/gh1406.at:57"
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/RHEL-67103.at:32"
$at_failed && at_fn_log_failure
$at_traceon; }
- else
- :
- fi
-
-
-
-
- if test x"" != x"ignore"; then
- printf "%s\n" "gh1406.at:62" >"$at_check_line_file"
-(cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \
- && at_fn_check_skip 99 "$at_srcdir/gh1406.at:62"
+ if test x"-e '/ERROR: INVALID_IPSET/d'" != x"ignore"; then
+ printf "%s\n" "RHEL-67103.at:34" >"$at_check_line_file"
+(cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_IPSET/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \
+ && at_fn_check_skip 99 "$at_srcdir/RHEL-67103.at:34"
fi
@@ -304590,13 +306776,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_317
-#AT_START_318
-at_fn_group_banner 318 'python.at:3' \
+#AT_STOP_321
+#AT_START_322
+at_fn_group_banner 322 'python.at:3' \
"firewalld_misc.py" " " 10
at_xfail=no
(
- printf "%s\n" "318. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "322. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -304882,13 +307068,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_318
-#AT_START_319
-at_fn_group_banner 319 'python.at:8' \
+#AT_STOP_322
+#AT_START_323
+at_fn_group_banner 323 'python.at:8' \
"firewalld_config.py" " " 10
at_xfail=no
(
- printf "%s\n" "319. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "323. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -305174,13 +307360,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_319
-#AT_START_320
-at_fn_group_banner 320 'python.at:13' \
+#AT_STOP_323
+#AT_START_324
+at_fn_group_banner 324 'python.at:13' \
"firewalld_rich.py" " " 10
at_xfail=no
(
- printf "%s\n" "320. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "324. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -305466,13 +307652,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_320
-#AT_START_321
-at_fn_group_banner 321 'python.at:18' \
+#AT_STOP_324
+#AT_START_325
+at_fn_group_banner 325 'python.at:18' \
"firewalld_direct.py" " " 10
at_xfail=no
(
- printf "%s\n" "321. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "325. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -305765,13 +307951,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_321
-#AT_START_322
-at_fn_group_banner 322 'rfc3964_ipv4.at:1' \
+#AT_STOP_325
+#AT_START_326
+at_fn_group_banner 326 'rfc3964_ipv4.at:1' \
"RFC3964_IPv4" " " 11
at_xfail=no
(
- printf "%s\n" "322. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "326. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -306462,13 +308648,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_322
-#AT_START_323
-at_fn_group_banner 323 'service_include.at:1' \
+#AT_STOP_326
+#AT_START_327
+at_fn_group_banner 327 'service_include.at:1' \
"service include" " " 11
at_xfail=no
(
- printf "%s\n" "323. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "327. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -307573,13 +309759,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_323
-#AT_START_324
-at_fn_group_banner 324 'helpers_custom.at:1' \
+#AT_STOP_327
+#AT_START_328
+at_fn_group_banner 328 'helpers_custom.at:1' \
"customer helpers" " " 11
at_xfail=no
(
- printf "%s\n" "324. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "328. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -308851,13 +311037,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_324
-#AT_START_325
-at_fn_group_banner 325 'policy.at:5' \
+#AT_STOP_328
+#AT_START_329
+at_fn_group_banner 329 'policy.at:5' \
"policy - xml" " " 11
at_xfail=no
(
- printf "%s\n" "325. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "329. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -309263,13 +311449,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_325
-#AT_START_326
-at_fn_group_banner 326 'policy.at:79' \
+#AT_STOP_329
+#AT_START_330
+at_fn_group_banner 330 'policy.at:79' \
"policy - create" " " 11
at_xfail=no
(
- printf "%s\n" "326. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "330. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -309681,13 +311867,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_326
-#AT_START_327
-at_fn_group_banner 327 'policy.at:96' \
+#AT_STOP_330
+#AT_START_331
+at_fn_group_banner 331 'policy.at:96' \
"policy - name" " " 11
at_xfail=no
(
- printf "%s\n" "327. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "331. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -310037,13 +312223,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_327
-#AT_START_328
-at_fn_group_banner 328 'policy.at:109' \
+#AT_STOP_331
+#AT_START_332
+at_fn_group_banner 332 'policy.at:109' \
"policy - list" " " 11
at_xfail=no
(
- printf "%s\n" "328. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "332. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -310540,13 +312726,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_328
-#AT_START_329
-at_fn_group_banner 329 'policy.at:231' \
+#AT_STOP_332
+#AT_START_333
+at_fn_group_banner 333 'policy.at:231' \
"policy - options" " " 11
at_xfail=no
(
- printf "%s\n" "329. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "333. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -311583,13 +313769,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_329
-#AT_START_330
-at_fn_group_banner 330 'policy.at:286' \
+#AT_STOP_333
+#AT_START_334
+at_fn_group_banner 334 'policy.at:286' \
"policy - priority" " " 11
at_xfail=no
(
- printf "%s\n" "330. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "334. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -312882,13 +315068,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_330
-#AT_START_331
-at_fn_group_banner 331 'policy.at:470' \
+#AT_STOP_334
+#AT_START_335
+at_fn_group_banner 335 'policy.at:470' \
"policy - zones" " " 11
at_xfail=no
(
- printf "%s\n" "331. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "335. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -315803,13 +317989,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_331
-#AT_START_332
-at_fn_group_banner 332 'policy.at:822' \
+#AT_STOP_335
+#AT_START_336
+at_fn_group_banner 336 'policy.at:822' \
"policy - dispatch" " " 11
at_xfail=no
(
- printf "%s\n" "332. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "336. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -327859,13 +330045,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_332
-#AT_START_333
-at_fn_group_banner 333 'policy.at:5352' \
+#AT_STOP_336
+#AT_START_337
+at_fn_group_banner 337 'policy.at:5352' \
"policy - interfaces/sources" " " 11
at_xfail=no
(
- printf "%s\n" "333. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "337. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -329760,13 +331946,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_333
-#AT_START_334
-at_fn_group_banner 334 'policy.at:6073' \
+#AT_STOP_337
+#AT_START_338
+at_fn_group_banner 338 'policy.at:6073' \
"policy - target" " " 11
at_xfail=no
(
- printf "%s\n" "334. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "338. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -330375,13 +332561,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_334
-#AT_START_335
-at_fn_group_banner 335 'policy.at:6122' \
+#AT_STOP_338
+#AT_START_339
+at_fn_group_banner 339 'policy.at:6122' \
"policy - from file" " " 11
at_xfail=no
(
- printf "%s\n" "335. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "339. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -330800,13 +332986,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_335
-#AT_START_336
-at_fn_group_banner 336 'policy.at:6139' \
+#AT_STOP_339
+#AT_START_340
+at_fn_group_banner 340 'policy.at:6139' \
"policy - zone drifting not allowed" " " 11
at_xfail=no
(
- printf "%s\n" "336. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "340. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -331546,13 +333732,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_336
-#AT_START_337
-at_fn_group_banner 337 'policy.at:6301' \
+#AT_STOP_340
+#AT_START_341
+at_fn_group_banner 341 'policy.at:6301' \
"policy - multiple using same zone source" " " 11
at_xfail=no
(
- printf "%s\n" "337. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "341. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -332018,13 +334204,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_337
-#AT_START_338
-at_fn_group_banner 338 'services.at:1' \
+#AT_STOP_341
+#AT_START_342
+at_fn_group_banner 342 'services.at:1' \
"services" " " 11
at_xfail=no
(
- printf "%s\n" "338. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "342. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -333254,13 +335440,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_338
-#AT_START_339
-at_fn_group_banner 339 'ports.at:1' \
+#AT_STOP_342
+#AT_START_343
+at_fn_group_banner 343 'ports.at:1' \
"ports" " " 11
at_xfail=no
(
- printf "%s\n" "339. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "343. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -334763,13 +336949,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_339
-#AT_START_340
-at_fn_group_banner 340 'source_ports.at:1' \
+#AT_STOP_343
+#AT_START_344
+at_fn_group_banner 344 'source_ports.at:1' \
"source ports" " " 11
at_xfail=no
(
- printf "%s\n" "340. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "344. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -336272,13 +338458,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_340
-#AT_START_341
-at_fn_group_banner 341 'forward_ports.at:1' \
+#AT_STOP_344
+#AT_START_345
+at_fn_group_banner 345 'forward_ports.at:1' \
"forward ports" " " 11
at_xfail=no
(
- printf "%s\n" "341. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "345. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -338974,13 +341160,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_341
-#AT_START_342
-at_fn_group_banner 342 'forward_ports.at:207' \
+#AT_STOP_345
+#AT_START_346
+at_fn_group_banner 346 'forward_ports.at:207' \
"forward ports (OUTPUT)" " " 11
at_xfail=no
(
- printf "%s\n" "342. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "346. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -340089,13 +342275,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_342
-#AT_START_343
-at_fn_group_banner 343 'forward_ports.at:287' \
+#AT_STOP_346
+#AT_START_347
+at_fn_group_banner 347 'forward_ports.at:287' \
"forward ports - logging and limiting" " " 11
at_xfail=no
(
- printf "%s\n" "343. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "347. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -340614,13 +342800,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_343
-#AT_START_344
-at_fn_group_banner 344 'masquerade.at:1' \
+#AT_STOP_347
+#AT_START_348
+at_fn_group_banner 348 'masquerade.at:1' \
"masquerade" " " 11
at_xfail=no
(
- printf "%s\n" "344. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "348. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -342183,13 +344369,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_344
-#AT_START_345
-at_fn_group_banner 345 'protocols.at:1' \
+#AT_STOP_348
+#AT_START_349
+at_fn_group_banner 349 'protocols.at:1' \
"protocols" " " 11
at_xfail=no
(
- printf "%s\n" "345. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "349. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -343539,13 +345725,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_345
-#AT_START_346
-at_fn_group_banner 346 'rich_rules.at:1' \
+#AT_STOP_349
+#AT_START_350
+at_fn_group_banner 350 'rich_rules.at:1' \
"rich rules" " " 11
at_xfail=no
(
- printf "%s\n" "346. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "350. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -346008,13 +348194,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_346
-#AT_START_347
-at_fn_group_banner 347 'icmp_blocks.at:1' \
+#AT_STOP_350
+#AT_START_351
+at_fn_group_banner 351 'icmp_blocks.at:1' \
"ICMP blocks" " " 11
at_xfail=no
(
- printf "%s\n" "347. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "351. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -347737,13 +349923,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_347
-#AT_START_348
-at_fn_group_banner 348 'rich_tcp_mss_clamp.at:5' \
+#AT_STOP_351
+#AT_START_352
+at_fn_group_banner 352 'rich_tcp_mss_clamp.at:5' \
"tcp-mss-clamp" " " 11
at_xfail=no
(
- printf "%s\n" "348. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "352. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -348611,13 +350797,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_348
-#AT_START_349
-at_fn_group_banner 349 'rich_destination_ipset.at:1' \
+#AT_STOP_352
+#AT_START_353
+at_fn_group_banner 353 'rich_destination_ipset.at:1' \
"rich destination ipset" " " 11
at_xfail=no
(
- printf "%s\n" "349. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "353. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -349307,13 +351493,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_349
-#AT_START_350
-at_fn_group_banner 350 'zone.at:1' \
+#AT_STOP_353
+#AT_START_354
+at_fn_group_banner 354 'zone.at:1' \
"zone - target" " " 11
at_xfail=no
(
- printf "%s\n" "350. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "354. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -350543,13 +352729,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_350
-#AT_START_351
-at_fn_group_banner 351 'rpfilter.at:1' \
+#AT_STOP_354
+#AT_START_355
+at_fn_group_banner 355 'rpfilter.at:1' \
"rpfilter - strict" " " 11
at_xfail=no
(
- printf "%s\n" "351. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "355. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -350928,13 +353114,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_351
-#AT_START_352
-at_fn_group_banner 352 'rpfilter.at:27' \
+#AT_STOP_355
+#AT_START_356
+at_fn_group_banner 356 'rpfilter.at:27' \
"rpfilter - loose" " " 11
at_xfail=no
(
- printf "%s\n" "352. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "356. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -351313,13 +353499,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_352
-#AT_START_353
-at_fn_group_banner 353 'rpfilter.at:53' \
+#AT_STOP_356
+#AT_START_357
+at_fn_group_banner 357 'rpfilter.at:53' \
"rpfilter - strict-forward" " " 11
at_xfail=no
(
- printf "%s\n" "353. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "357. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -351661,13 +353847,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_353
-#AT_START_354
-at_fn_group_banner 354 'rpfilter.at:89' \
+#AT_STOP_357
+#AT_START_358
+at_fn_group_banner 358 'rpfilter.at:89' \
"rpfilter - loose-forward" " " 11
at_xfail=no
(
- printf "%s\n" "354. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "358. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -352009,13 +354195,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_354
-#AT_START_355
-at_fn_group_banner 355 'rpfilter.at:125' \
+#AT_STOP_358
+#AT_START_359
+at_fn_group_banner 359 'rpfilter.at:125' \
"rpfilter - config values" " " 11
at_xfail=no
(
- printf "%s\n" "355. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "359. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -352331,15 +354517,394 @@ $at_traceon; }
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"IPv6_rpfilter2\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } "
+at_fn_check_prepare_notrace 'a $(...) command substitution' "rpfilter.at:131"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"IPv6_rpfilter2" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; }
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+echo >>"$at_stdout"; printf "%s\n" "variant string \"no\"
+" | \
+ $at_diff - "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=yes/' ./firewalld.conf"
+at_fn_check_prepare_trace "rpfilter.at:131"
+( $at_check_trace; sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=yes/' ./firewalld.conf
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:131"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:131"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"IPv6_rpfilter2\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } "
+at_fn_check_prepare_notrace 'a $(...) command substitution' "rpfilter.at:131"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"IPv6_rpfilter2" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; }
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+echo >>"$at_stdout"; printf "%s\n" "variant string \"yes\"
+" | \
+ $at_diff - "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=false/' ./firewalld.conf"
+at_fn_check_prepare_trace "rpfilter.at:131"
+( $at_check_trace; sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=false/' ./firewalld.conf
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:131"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:131"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"IPv6_rpfilter2\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } "
+at_fn_check_prepare_notrace 'a $(...) command substitution' "rpfilter.at:131"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"IPv6_rpfilter2" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; }
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+echo >>"$at_stdout"; printf "%s\n" "variant string \"false\"
+" | \
+ $at_diff - "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=true/' ./firewalld.conf"
+at_fn_check_prepare_trace "rpfilter.at:131"
+( $at_check_trace; sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=true/' ./firewalld.conf
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:131"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:131"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"IPv6_rpfilter2\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } "
+at_fn_check_prepare_notrace 'a $(...) command substitution' "rpfilter.at:131"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"IPv6_rpfilter2" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; }
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+echo >>"$at_stdout"; printf "%s\n" "variant string \"true\"
+" | \
+ $at_diff - "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=strict/' ./firewalld.conf"
+at_fn_check_prepare_trace "rpfilter.at:131"
+( $at_check_trace; sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=strict/' ./firewalld.conf
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:131"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:131"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"IPv6_rpfilter2\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } "
+at_fn_check_prepare_notrace 'a $(...) command substitution' "rpfilter.at:131"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"IPv6_rpfilter2" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; }
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+echo >>"$at_stdout"; printf "%s\n" "variant string \"strict\"
+" | \
+ $at_diff - "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=loose/' ./firewalld.conf"
+at_fn_check_prepare_trace "rpfilter.at:131"
+( $at_check_trace; sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=loose/' ./firewalld.conf
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:131"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:131"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
+
+
+
{ set +x
-printf "%s\n" "$at_srcdir/rpfilter.at:131: sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=yes/' ./firewalld.conf"
-at_fn_check_prepare_trace "rpfilter.at:131"
-( $at_check_trace; sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=yes/' ./firewalld.conf
+printf "%s\n" "$at_srcdir/rpfilter.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"IPv6_rpfilter2\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } "
+at_fn_check_prepare_notrace 'a $(...) command substitution' "rpfilter.at:131"
+( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"IPv6_rpfilter2" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; }
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
+echo >>"$at_stdout"; printf "%s\n" "variant string \"loose\"
+" | \
+ $at_diff - "$at_stdout" || at_failed=:
at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -352348,16 +354913,34 @@ $at_traceon; }
+
+{ set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:142: sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=bogus/' ./firewalld.conf"
+at_fn_check_prepare_trace "rpfilter.at:142"
+( $at_check_trace; sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=bogus/' ./firewalld.conf
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:142"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+
+
+
+
+
{ set +x
-printf "%s\n" "$at_srcdir/rpfilter.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload "
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:131"
+printf "%s\n" "$at_srcdir/rpfilter.at:143: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:143"
( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:143"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -352368,15 +354951,15 @@ $at_traceon; }
{ set +x
-printf "%s\n" "$at_srcdir/rpfilter.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state "
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:131"
+printf "%s\n" "$at_srcdir/rpfilter.at:143: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:143"
( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:143"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -352385,52 +354968,150 @@ $at_traceon; }
- { set +x
-printf "%s\n" "$at_srcdir/rpfilter.at:131: sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=false/' ./firewalld.conf"
-at_fn_check_prepare_trace "rpfilter.at:131"
-( $at_check_trace; sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=false/' ./firewalld.conf
+
+
+ if test x"-e "/^WARNING: IPv6_rpfilter 'bogus' is not valid/d"" != x"ignore"; then
+ printf "%s\n" "rpfilter.at:145" >"$at_check_line_file"
+(cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e "/^WARNING: IPv6_rpfilter 'bogus' is not valid/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \
+ && at_fn_check_skip 99 "$at_srcdir/rpfilter.at:145"
+ fi
+
+
+
+ set +x
+ $at_times_p && times >"$at_times_file"
+) 5>&1 2>&1 7>&- | eval $at_tee_pipe
+read at_status <"$at_status_file"
+#AT_STOP_359
+#AT_START_360
+at_fn_group_banner 360 'rpfilter.at:147' \
+ "rpfilter - config values, -forward" " " 11
+at_xfail=no
+(
+ printf "%s\n" "360. $at_setup_line: testing $at_desc ..."
+ $at_traceon
+
+
+
+
+
+
+
+
+
+ test -z "$PYTHON" && export PYTHON="python3"
+ test -z "$EBTABLES" && export EBTABLES="ebtables"
+ test -z "$IPTABLES" && export IPTABLES="iptables"
+ test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore"
+ test -z "$IP6TABLES" && export IP6TABLES="ip6tables"
+ test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore"
+ test -z "$IPSET" && export IPSET="ipset"
+ test -z "$PODMAN" && export PODMAN="podman"
+
+ if locale -a |grep "^C.utf8" >/dev/null; then
+ LC_ALL="C.UTF-8"
+ export LC_ALL
+ fi
+
+ ULIMIT_VAL=""
+ if test -z "$ULIMIT_VAL" ; then
+ ULIMIT_VAL=102400
+ fi
+ if test "$ULIMIT_VAL" -ne 0 ; then
+ ulimit -d "$ULIMIT_VAL"
+ fi
+
+ if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:147: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi"
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:147"
+( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:147"
$at_failed && at_fn_log_failure
$at_traceon; }
+ else
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:147: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi"
+at_fn_check_prepare_trace "rpfilter.at:147"
+( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
+at_status=$? at_failed=false
+$at_check_filter
+at_fn_diff_devnull "$at_stderr" || at_failed=:
+at_fn_diff_devnull "$at_stdout" || at_failed=:
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:147"
+$at_failed && at_fn_log_failure
+$at_traceon; }
+ fi
-
- { set +x
-printf "%s\n" "$at_srcdir/rpfilter.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload "
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:131"
-( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:147: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf"
+at_fn_check_prepare_trace "rpfilter.at:147"
+( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:147"
$at_failed && at_fn_log_failure
$at_traceon; }
+ kill_firewalld() {
+ pid=$(cat firewalld.pid)
+ kill $pid
+ for I in 1 2 3 4 5 6 7 8 9 0; do
+ ps --pid $pid >/dev/null || { pid=0; break; }
+ sleep 1
+ done
+ test $pid -eq 0 || { kill -9 $pid; sleep 3; }
+ }
+ kill_networkmanager() {
+ if test -f networkmanager.pid; then
- { set +x
-printf "%s\n" "$at_srcdir/rpfilter.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state "
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:131"
-( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state
+ pid=$(cat networkmanager.pid)
+ kill $pid
+ for I in 1 2 3 4 5 6 7 8 9 0; do
+ ps --pid $pid >/dev/null || { pid=0; break; }
+ sleep 1
+ done
+ test $pid -eq 0 || { kill -9 $pid; sleep 3; }
+
+ fi
+ }
+
+ echo "" > cleanup
+ echo "" > cleanup_late
+ trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT
+
+
+
+
+
+ echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:147: ip netns add fwd-test-\${at_group_normalized}"
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:147"
+( $at_check_trace; ip netns add fwd-test-${at_group_normalized}
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:147"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -352438,17 +355119,150 @@ $at_traceon; }
+ printf "%s\n" "rpfilter.at:147" >"$at_check_line_file"
+(! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \
+ && at_fn_check_skip 77 "$at_srcdir/rpfilter.at:147"
+
+
+
+
+ cat >./dbus.conf <<'_ATEOF'
+
+ <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+ <busconfig>
+ <fork />
+ <auth>EXTERNAL</auth>
+ <listen>unix:path=/tmp/dummy</listen>
+ <policy context="default">
+ <allow user="*"/>
+ <allow send_type="signal"/>
+ <allow send_requested_reply="true" send_type="method_return"/>
+ <allow send_requested_reply="true" send_type="error"/>
+ <allow receive_type="method_call"/>
+ <allow receive_type="method_return"/>
+ <allow receive_type="error"/>
+ <allow receive_type="signal"/>
+ <allow send_destination="org.freedesktop.DBus"/>
+ </policy>
+ <!-- from .../config/FirewallD.conf -->
+ <policy user="root">
+ <allow own="org.fedoraproject.FirewallD1"/>
+ <allow own="org.fedoraproject.FirewallD1.config"/>
+ <allow send_destination="org.fedoraproject.FirewallD1"/>
+ <allow send_destination="org.fedoraproject.FirewallD1.config"/>
+ </policy>
+ <policy context="default">
+ <allow send_destination="org.fedoraproject.FirewallD1"/>
+ <allow send_destination="org.fedoraproject.FirewallD1"
+ send_interface="org.freedesktop.DBus.Introspectable"/>
+ <allow send_destination="org.fedoraproject.FirewallD1"
+ send_interface="org.freedesktop.DBus.Properties"/>
+ <allow send_destination="org.fedoraproject.FirewallD1.config"/>
+ </policy>
+
+ <!-- from org.freedesktop.NetworkManager.conf -->
+ <policy user="root">
+ <allow own="org.freedesktop.NetworkManager"/>
+ <allow send_destination="org.freedesktop.NetworkManager"/>
+
+ <allow send_destination="org.freedesktop.NetworkManager"
+ send_interface="org.freedesktop.NetworkManager.PPP"/>
+
+ <allow send_interface="org.freedesktop.NetworkManager.SecretAgent"/>
+ <!-- These are there because some broken policies do
+ <deny send_interface="..." /> (see dbus-daemon(8) for details).
+ This seems to override that for the known VPN plugins.
+ -->
+ <allow send_destination="org.freedesktop.NetworkManager.openconnect"/>
+ <allow send_destination="org.freedesktop.NetworkManager.openswan"/>
+ <allow send_destination="org.freedesktop.NetworkManager.openvpn"/>
+ <allow send_destination="org.freedesktop.NetworkManager.pptp"/>
+ <allow send_destination="org.freedesktop.NetworkManager.vpnc"/>
+ <allow send_destination="org.freedesktop.NetworkManager.ssh"/>
+ <allow send_destination="org.freedesktop.NetworkManager.iodine"/>
+ <allow send_destination="org.freedesktop.NetworkManager.l2tp"/>
+ <allow send_destination="org.freedesktop.NetworkManager.libreswan"/>
+ <allow send_destination="org.freedesktop.NetworkManager.fortisslvpn"/>
+ <allow send_destination="org.freedesktop.NetworkManager.strongswan"/>
+ <allow send_interface="org.freedesktop.NetworkManager.VPN.Plugin"/>
+
+ <allow send_destination="org.fedoraproject.FirewallD1"/>
+
+ <!-- Allow the custom name for the dnsmasq instance spawned by NM
+ from the dns dnsmasq plugin to own it's dbus name, and for
+ messages to be sent to it.
+ -->
+ <allow own="org.freedesktop.NetworkManager.dnsmasq"/>
+ <allow send_destination="org.freedesktop.NetworkManager.dnsmasq"/>
+ </policy>
+ </busconfig>
+_ATEOF
+
+
+ DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" `
+ if test $? -ne 0; then
+ printf "%s\n" "rpfilter.at:147" >"$at_check_line_file"
+at_fn_check_skip 99 "$at_srcdir/rpfilter.at:147"
+ fi
+ echo "kill $DBUS_PID" >> ./cleanup_late
+
+
+
+
+
+
+
+ FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --log-target file --system-config ./"
+ ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}"
+ if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then
+ FIREWALLD_ARGS="${FIREWALLD_ARGS} --default-config ${FIREWALLD_DEFAULT_CONFIG}"
+ fi
+
+ env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS &
+ if test $? -ne 0; then
+ printf "%s\n" "rpfilter.at:147" >"$at_check_line_file"
+at_fn_check_skip 99 "$at_srcdir/rpfilter.at:147"
+ fi
+ echo "$!" > firewalld.pid
+
+ WANTED_CODE=""
+ up=0
+ for I in $(seq 60); do
+ env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state
+ RC=$?
+ echo "exit code = ${RC}"
+ if test ${RC} -eq ${WANTED_CODE:-0}; then
+ up=1
+ break
+ fi
+ sleep 1
+ done
+ printf "%s\n" "rpfilter.at:147" >"$at_check_line_file"
+(test $up -ne 1) \
+ && at_fn_check_skip 99 "$at_srcdir/rpfilter.at:147"
+
+
+
+
+
+
+
+
+
+
+
{ set +x
-printf "%s\n" "$at_srcdir/rpfilter.at:131: sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=true/' ./firewalld.conf"
-at_fn_check_prepare_trace "rpfilter.at:131"
-( $at_check_trace; sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=true/' ./firewalld.conf
+printf "%s\n" "$at_srcdir/rpfilter.at:154: sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=strict-forward/' ./firewalld.conf"
+at_fn_check_prepare_trace "rpfilter.at:154"
+( $at_check_trace; sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=strict-forward/' ./firewalld.conf
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:154"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -352456,16 +355270,17 @@ $at_traceon; }
+
{ set +x
-printf "%s\n" "$at_srcdir/rpfilter.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload "
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:131"
+printf "%s\n" "$at_srcdir/rpfilter.at:154: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:154"
( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+echo stderr:; cat "$at_stderr"
+echo stdout:; cat "$at_stdout"
+at_fn_check_status 114 $at_status "$at_srcdir/rpfilter.at:154"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -352476,15 +355291,15 @@ $at_traceon; }
{ set +x
-printf "%s\n" "$at_srcdir/rpfilter.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state "
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:131"
+printf "%s\n" "$at_srcdir/rpfilter.at:154: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:154"
( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:131"
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:154"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -352493,16 +355308,17 @@ $at_traceon; }
-{ set +x
-printf "%s\n" "$at_srcdir/rpfilter.at:136: sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=bogus/' ./firewalld.conf"
-at_fn_check_prepare_trace "rpfilter.at:136"
-( $at_check_trace; sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=bogus/' ./firewalld.conf
+
+ { set +x
+printf "%s\n" "$at_srcdir/rpfilter.at:154: sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=loose-forward/' ./firewalld.conf"
+at_fn_check_prepare_trace "rpfilter.at:154"
+( $at_check_trace; sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=loose-forward/' ./firewalld.conf
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:136"
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:154"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -352510,16 +355326,17 @@ $at_traceon; }
+
{ set +x
-printf "%s\n" "$at_srcdir/rpfilter.at:137: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload "
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:137"
+printf "%s\n" "$at_srcdir/rpfilter.at:154: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:154"
( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:137"
+echo stderr:; cat "$at_stderr"
+echo stdout:; cat "$at_stdout"
+at_fn_check_status 114 $at_status "$at_srcdir/rpfilter.at:154"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -352530,15 +355347,15 @@ $at_traceon; }
{ set +x
-printf "%s\n" "$at_srcdir/rpfilter.at:137: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state "
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:137"
+printf "%s\n" "$at_srcdir/rpfilter.at:154: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state "
+at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:154"
( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state
) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:137"
+at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:154"
$at_failed && at_fn_log_failure
$at_traceon; }
@@ -352549,10 +355366,12 @@ $at_traceon; }
- if test x"-e "/^WARNING: IPv6_rpfilter 'bogus' is not valid/d"" != x"ignore"; then
- printf "%s\n" "rpfilter.at:139" >"$at_check_line_file"
-(cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e "/^WARNING: IPv6_rpfilter 'bogus' is not valid/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \
- && at_fn_check_skip 99 "$at_srcdir/rpfilter.at:139"
+
+
+ if test x"-e "/^ERROR: INVALID_VALUE:.*is incompatible with FirewallBackend=iptables."" != x"ignore"; then
+ printf "%s\n" "rpfilter.at:168" >"$at_check_line_file"
+(cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e "/^ERROR: INVALID_VALUE:.*is incompatible with FirewallBackend=iptables." | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \
+ && at_fn_check_skip 99 "$at_srcdir/rpfilter.at:168"
fi
@@ -352561,13 +355380,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_355
-#AT_START_356
-at_fn_group_banner 356 'zone_combine.at:1' \
+#AT_STOP_360
+#AT_START_361
+at_fn_group_banner 361 'zone_combine.at:1' \
"zone - combine" " " 11
at_xfail=no
(
- printf "%s\n" "356. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "361. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -353287,13 +356106,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_356
-#AT_START_357
-at_fn_group_banner 357 'reset_defaults.at:1' \
+#AT_STOP_361
+#AT_START_362
+at_fn_group_banner 362 'reset_defaults.at:1' \
"reset defaults" " " 11
at_xfail=no
(
- printf "%s\n" "357. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "362. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -354212,13 +357031,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_357
-#AT_START_358
-at_fn_group_banner 358 'zone_priority.at:1' \
+#AT_STOP_362
+#AT_START_363
+at_fn_group_banner 363 'zone_priority.at:1' \
"zone - priority" " " 11
at_xfail=no
(
- printf "%s\n" "358. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "363. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -356617,13 +359436,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_358
-#AT_START_359
-at_fn_group_banner 359 'reloadpolicy.at:1' \
+#AT_STOP_363
+#AT_START_364
+at_fn_group_banner 364 'reloadpolicy.at:1' \
"check ReloadPolicy" " " 11
at_xfail=no
(
- printf "%s\n" "359. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "364. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -357043,13 +359862,13 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_359
-#AT_START_360
-at_fn_group_banner 360 'strict_forward_ports.at:1' \
+#AT_STOP_364
+#AT_START_365
+at_fn_group_banner 365 'strict_forward_ports.at:1' \
"strict forward ports" " " 11
at_xfail=no
(
- printf "%s\n" "360. $at_setup_line: testing $at_desc ..."
+ printf "%s\n" "365. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -358406,4 +361225,4 @@ $at_traceon; }
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_360
+#AT_STOP_365
-------------- next part --------------
diff --git a/config/Makefile.am b/config/Makefile.am
index e670fbc8..16a74304 100644
--- a/config/Makefile.am
+++ b/config/Makefile.am
@@ -30,6 +30,7 @@ gsettings_SCHEMAS = $(gsettings_in_file:.xml.in=.xml)
xmlschemadir = $(prefixlibdir)/xmlschema
dist_xmlschema_DATA = \
+ xmlschema/helper.xsd \
xmlschema/icmptype.xsd \
xmlschema/ipset.xsd \
xmlschema/service.xsd \
@@ -48,7 +49,7 @@ BUILT_SOURCES = \
@INTLTOOL_DESKTOP_RULE@
@INTLTOOL_POLICY_RULE@
- at INTLTOOL_XML_NOMERGE_RULE@
+ at INTLTOOL_XML_RULE@
@GSETTINGS_RULES@
all: $(desktop_DATA) $(appdata_DATA) $(applet_desktop_DATA) $(polkit1_action_DATA) $(gsettings_SCHEMAS)
diff --git a/config/firewalld.service.in b/config/firewalld.service.in
index f39c411d..b00d36cd 100644
--- a/config/firewalld.service.in
+++ b/config/firewalld.service.in
@@ -10,8 +10,10 @@ Documentation=man:firewalld(1)
[Service]
EnvironmentFile=-/etc/sysconfig/firewalld
ExecStart=@sbindir@/firewalld --nofork --nopid $FIREWALLD_ARGS
+ExecStartPost=@bindir@/firewall-cmd --state
+# don't fail ExecStartPost on RUNNING_BUT_FAILED
+SuccessExitStatus=251
ExecReload=/bin/kill -HUP $MAINPID
-# supress to log debug and error output also to /var/log/messages
StandardOutput=null
StandardError=null
Type=dbus
diff --git a/config/xmlschema/helper.xsd b/config/xmlschema/helper.xsd
new file mode 100644
index 00000000..1d5ba116
--- /dev/null
+++ b/config/xmlschema/helper.xsd
@@ -0,0 +1,26 @@
+<?xml version="1.0"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ lementFormDefault="qualified">
+
+<xs:element name="helper">
+ <xs:complexType>
+ <xs:choice maxOccurs="unbounded">
+ <xs:element name="port" type="porttype" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:choice>
+ <xs:attribute name="module" type="xs:string"/>
+ <xs:attribute name="family" type="familyrestrict"/>
+ </xs:complexType>
+</xs:element>
+
+<xs:simpleType name="familyrestrict">
+ <xs:restriction base="xs:string">
+ <xs:pattern value="ipv4|ipv6"/>
+ </xs:restriction>
+</xs:simpleType>
+
+<xs:complexType name="porttype">
+ <xs:attribute name="protocol" type="xs:string" use="required"/>
+ <xs:attribute name="port" type="xs:string" use="optional"/>
+</xs:complexType>
+
+</xs:schema>
diff --git a/debian/changelog b/debian/changelog
index 95256818..c834a4b9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+firewalld (2.3.1-1) unstable; urgency=medium
+
+ * New upstream version 2.3.1
+ * Rebase patches
+
+ -- Michael Biebl <biebl at debian.org> Sat, 26 Jul 2025 18:52:44 +0200
+
firewalld (2.3.0-4) unstable; urgency=medium
* test(nftables): table owner: use grep instead of head.
diff --git a/debian/patches/Remove-etc-sysconfig-firewalld-support.patch b/debian/patches/Remove-etc-sysconfig-firewalld-support.patch
index 8d7f0bbd..4a2472a8 100644
--- a/debian/patches/Remove-etc-sysconfig-firewalld-support.patch
+++ b/debian/patches/Remove-etc-sysconfig-firewalld-support.patch
@@ -9,7 +9,7 @@ can use the standard systemd mechanisms for that, like drop-ins.
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/config/firewalld.service.in b/config/firewalld.service.in
-index f39c411..ae24d00 100644
+index b00d36c..50e32e1 100644
--- a/config/firewalld.service.in
+++ b/config/firewalld.service.in
@@ -8,8 +8,7 @@ Conflicts=iptables.service ip6tables.service ebtables.service ipset.service
@@ -19,6 +19,6 @@ index f39c411..ae24d00 100644
-EnvironmentFile=-/etc/sysconfig/firewalld
-ExecStart=@sbindir@/firewalld --nofork --nopid $FIREWALLD_ARGS
+ExecStart=@sbindir@/firewalld --nofork --nopid
- ExecReload=/bin/kill -HUP $MAINPID
- # supress to log debug and error output also to /var/log/messages
- StandardOutput=null
+ ExecStartPost=@bindir@/firewall-cmd --state
+ # don't fail ExecStartPost on RUNNING_BUT_FAILED
+ SuccessExitStatus=251
diff --git a/debian/patches/series b/debian/patches/series
index f583b295..8c262ab8 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,2 @@
Remove-etc-sysconfig-firewalld-support.patch
Switch-to-python3.patch
-test-nftables-table-owner-use-grep-instead-of-head.patch
diff --git a/debian/patches/test-nftables-table-owner-use-grep-instead-of-head.patch b/debian/patches/test-nftables-table-owner-use-grep-instead-of-head.patch
deleted file mode 100644
index d1d5972b..00000000
--- a/debian/patches/test-nftables-table-owner-use-grep-instead-of-head.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From: Eric Garver <eric at garver.life>
-Date: Wed, 7 May 2025 11:31:03 -0400
-Subject: test(nftables): table owner: use grep instead of head
-
-Using `head -n 2` will cause head to terminate early while the prior
-commands in the pipeline still have output. This will trigger SIGPIPE
-and in some cases causes messages on stderr. Use grep to consume all the
-output.
-
-Fixes: #1403
-Fixes: e7728b843c2e ("test(nftables): table ownership")
-
---->8---
-
-./nftables_table_owner.at:1: env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list table inet firewalld | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | head -n 2
---- /dev/null 2025-05-06 18:20:20.014443085 +0000
-+++ /home/runner/work/firewalld/firewalld/src/tests/testsuite.dir/at-groups/228/stderr 2025-05-06 18:31:38.431177759 +0000
-@@ -0,0 +1,2 @@
-+/home/runner/work/firewalld/firewalld/src/tests/testsuite.dir/at-groups/228/test-source: line 409: printf: write error: Broken pipe
-+/home/runner/work/firewalld/firewalld/src/tests/testsuite.dir/at-groups/228/test-source: line 409: echo: write error: Broken pipe
-228. nftables_table_owner.at:1: FAILED (nftables_table_owner.at:
-
-(cherry picked from commit 31e2584c5ada874639cbd80174c3fd745e392852)
----
- src/tests/features/nftables_table_owner.at | 21 +++++----------------
- 1 file changed, 5 insertions(+), 16 deletions(-)
-
-diff --git a/src/tests/features/nftables_table_owner.at b/src/tests/features/nftables_table_owner.at
-index abc946d..dd9c3de 100644
---- a/src/tests/features/nftables_table_owner.at
-+++ b/src/tests/features/nftables_table_owner.at
-@@ -7,32 +7,21 @@ FWD_RELOAD()
-
- AT_SKIP_IF([grep "Configuration has NftablesTableOwner=True, but it's not supported by nftables." ./firewalld.log])
-
--NS_CHECK([nft list table inet firewalld | TRIM_WHITESPACE | head -n 2], 0, [m4_strip([dnl
-- table inet firewalld { # progname firewalld
-- flags owner,persist
--])])
-+dnl Make sure it's initially working
-+dnl
-+NS_CHECK([nft list table inet firewalld | TRIM_WHITESPACE | grep "flags owner,persist"], 0, [ignore])
-
- dnl Test the transitions from On to Off
- dnl
--
- AT_CHECK([sed -i 's/^NftablesTableOwner=.*/NftablesTableOwner=no/' ./firewalld.conf])
- FWD_RELOAD()
--
--NS_CHECK([nft list table inet firewalld | TRIM_WHITESPACE | head -n 2], 0, [m4_strip([dnl
-- table inet firewalld {
-- chain mangle_PREROUTING {
--])])
-+NS_CHECK([nft list table inet firewalld | TRIM_WHITESPACE | grep "flags owner,persist"], 1)
-
- dnl Test the transitions from Off to On
- dnl
--
- AT_CHECK([sed -i 's/^NftablesTableOwner=.*/NftablesTableOwner=yes/' ./firewalld.conf])
- FWD_RELOAD()
--
--NS_CHECK([nft list table inet firewalld | TRIM_WHITESPACE | head -n 2], 0, [m4_strip([dnl
-- table inet firewalld { # progname firewalld
-- flags owner,persist
--])])
-+NS_CHECK([nft list table inet firewalld | TRIM_WHITESPACE | grep "flags owner,persist"], 0, [ignore])
-
- FWD_END_TEST()
- ])
diff --git a/doc/xml/firewalld.policies.xml b/doc/xml/firewalld.policies.xml
index 78953393..e5a2ccbf 100644
--- a/doc/xml/firewalld.policies.xml
+++ b/doc/xml/firewalld.policies.xml
@@ -42,7 +42,7 @@
<title>What is a policy?</title>
<para>
- A policy applies a set of rules to traffic flowing between
+ A policy applies a set of rules to traffic flowing
between zones (see zones (see <citerefentry>
<refentrytitle>firewalld.zones</refentrytitle>
<manvolnum>5</manvolnum> </citerefentry>). The policy affects
diff --git a/firewalld.spec b/firewalld.spec
index 49897b2a..79caa875 100644
--- a/firewalld.spec
+++ b/firewalld.spec
@@ -1,6 +1,6 @@
Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
Name: firewalld
-Version: 2.3.0
+Version: 2.3.1
Release: 1%{?dist}
URL: http://firewalld.org
License: GPL-2.0-or-later
@@ -257,5 +257,8 @@ fi
%{_mandir}/man1/firewall-config*.1*
%changelog
+* Tue Jun 10 2025 Eric Garver <eric at garver.life> - 2.3.1-1
+- release v2.3.1
+
* Mon Nov 04 2024 Eric Garver <eric at garver.life> - 2.3.0-1
- release v2.3.0
diff --git a/src/firewall-config.in b/src/firewall-config.in
index 02e9ae9c..0fb5fc8e 100755
--- a/src/firewall-config.in
+++ b/src/firewall-config.in
@@ -3549,7 +3549,8 @@ class FirewallConfig:
selection.select_iter(iter)
iter = self.serviceDialogServiceStore.iter_next(iter)
- self.serviceDialogOkButton.set_sensitive(False)
+ if old_service:
+ self.serviceDialogOkButton.set_sensitive(False)
self.serviceDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT)
self.serviceDialog.set_transient_for(self.mainWindow)
self.serviceDialog.show_all()
@@ -3699,25 +3700,22 @@ class FirewallConfig:
_("debug"): "debug",
} # 7, debug-level messages
+ rule_params = {}
+
# family
combolabel = self.richRuleDialogFamilyCombobox.get_active_text()
- if combolabel == _("ipv4"):
- rule = rich.Rich_Rule("ipv4") # ipv4 rule
- elif combolabel == _("ipv6"):
- rule = rich.Rich_Rule("ipv6") # ipv6 rule
- else:
- rule = rich.Rich_Rule() # ipv4+ipv6 rule
+ if combolabel in [_("ipv4"), _("ipv6")]:
+ rule_params["family"] = combolabel
# priority
priority = self.richRuleDialogPriorityEntry.get_value_as_int()
- if priority != 0:
- rule.priority = priority
+ rule_params["priority"] = priority
# element
if self.richRuleDialogElementCheck.get_active():
combolabel = self.richRuleDialogElementCombobox.get_active_text()
if combolabel == _("service"):
- rule.element = rich.Rich_Service(
+ rule_params["element"] = rich.Rich_Service(
self.richRuleDialogElementChooser.get_text()
)
elif combolabel == _("port"):
@@ -3729,17 +3727,16 @@ class FirewallConfig:
(port, proto) = text.split("/")
except:
return None
- rule.element = rich.Rich_Port(port, proto)
elif combolabel == _("protocol"):
- rule.element = rich.Rich_Protocol(
+ rule_params["element"] = rich.Rich_Protocol(
self.richRuleDialogElementChooser.get_text()
)
elif combolabel == _("icmp-block"):
- rule.element = rich.Rich_IcmpBlock(
+ rule_params["element"] = rich.Rich_IcmpBlock(
self.richRuleDialogElementChooser.get_text()
)
elif combolabel == _("icmp-type"):
- rule.element = rich.Rich_IcmpType(
+ rule_params["element"] = rich.Rich_IcmpType(
self.richRuleDialogElementChooser.get_text()
)
elif combolabel == _("forward-port"):
@@ -3748,9 +3745,11 @@ class FirewallConfig:
(port, proto, to_port, to_addr) = self.split_fwp_string(text)
except:
return None
- rule.element = rich.Rich_ForwardPort(port, proto, to_port, to_addr)
+ rule_params["element"] = rich.Rich_ForwardPort(
+ port, proto, to_port, to_addr
+ )
elif combolabel == _("masquerade"):
- rule.element = rich.Rich_Masquerade()
+ rule_params["element"] = rich.Rich_Masquerade()
elif combolabel == _("source-port"):
text = self.richRuleDialogElementChooser.get_text()
port = ""
@@ -3760,7 +3759,7 @@ class FirewallConfig:
(port, proto) = text.split("/")
except:
return None
- rule.element = rich.Rich_SourcePort(port, proto)
+ rule_params["element"] = rich.Rich_SourcePort(port, proto)
# action
if (
@@ -3777,19 +3776,19 @@ class FirewallConfig:
limit = rich.Rich_Limit(value)
combolabel = self.richRuleDialogActionCombobox.get_active_text()
if combolabel == _("accept"):
- rule.action = rich.Rich_Accept(limit)
+ rule_params["action"] = rich.Rich_Accept(limit)
elif combolabel == _("reject"):
_type = None
if self.richRuleDialogActionRejectTypeCheck.get_active():
_type = (
self.richRuleDialogActionRejectTypeCombobox.get_active_text()
)
- rule.action = rich.Rich_Reject(_type, limit)
+ rule_params["action"] = rich.Rich_Reject(_type, limit)
elif combolabel == _("drop"):
- rule.action = rich.Rich_Drop(limit)
+ rule_params["action"] = rich.Rich_Drop(limit)
elif combolabel == _("mark"):
_set = self.richRuleDialogActionMarkChooser.get_text()
- rule.action = rich.Rich_Mark(_set, limit)
+ rule_params["action"] = rich.Rich_Mark(_set, limit)
# source
if self.richRuleDialogSourceChooser.is_sensitive() and (
@@ -3804,7 +3803,7 @@ class FirewallConfig:
mac = self.richRuleDialogSourceChooser.get_text()
if txt == "ipset":
ipset = self.richRuleDialogSourceChooser.get_text()
- rule.source = rich.Rich_Source(
+ rule_params["source"] = rich.Rich_Source(
addr, mac, ipset, self.richRuleDialogSourceInvertCheck.get_active()
)
@@ -3813,7 +3812,7 @@ class FirewallConfig:
self.richRuleDialogDestinationChooser.get_text() != ""
or self.richRuleDialogDestinationInvertCheck.get_active()
):
- rule.destination = rich.Rich_Destination(
+ rule_params["destination"] = rich.Rich_Destination(
self.richRuleDialogDestinationChooser.get_text(),
None,
invert=self.richRuleDialogDestinationInvertCheck.get_active(),
@@ -3834,7 +3833,7 @@ class FirewallConfig:
limit = rich.Rich_Limit(value)
level = self.richRuleDialogLogLevelCombobox.get_active_text()
- rule.log = rich.Rich_Log(
+ rule_params["log"] = rich.Rich_Log(
self.richRuleDialogLogPrefixEntry.get_text(), loglevel[level], limit
)
@@ -3851,9 +3850,9 @@ class FirewallConfig:
self.richRuleDialogAuditLimitDurationCombobox.get_active_text()
]
limit = rich.Rich_Limit(value)
- rule.audit = rich.Rich_Audit(limit)
+ rule_params["audit"] = rich.Rich_Audit(limit)
- return rule
+ return rich.Rich_Rule(**rule_params)
def on_richRuleDialogFamilyCombobox_changed(self, *args):
combolabel = self.richRuleDialogFamilyCombobox.get_active_text()
@@ -3988,6 +3987,14 @@ class FirewallConfig:
self.richRuleDialogActionCheck.set_sensitive(False)
self.richRuleDialogActionBox.set_sensitive(False)
+ if (
+ self.richRuleDialogElementChooser.is_sensitive()
+ and not self.richRuleDialogElementChooser.get_text()
+ ):
+ self.richRuleDialogOkButton.set_sensitive(False)
+ self.richRuleDialogOkButton.set_tooltip_text(_("invalid element"))
+ return
+
rule = self.richRuleDialog_getRule()
try:
rule.check()
diff --git a/src/firewall/config/__init__.py b/src/firewall/config/__init__.py
index fd05c836..4d9ff412 100644
--- a/src/firewall/config/__init__.py
+++ b/src/firewall/config/__init__.py
@@ -30,7 +30,7 @@ APPLET_NAME = "firewall-applet"
DATADIR = "/usr/share/" + DAEMON_NAME
CONFIG_GLADE_NAME = CONFIG_NAME + ".glade"
COPYRIGHT = "(C) 2010-2017 Red Hat, Inc."
-VERSION = "2.3.0"
+VERSION = "2.3.1"
AUTHORS = [
"Thomas Woerner <twoerner at redhat.com>",
"Jiri Popelka <jpopelka at redhat.com>",
diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py
index 4f0da0ed..bf7c109a 100644
--- a/src/firewall/core/fw.py
+++ b/src/firewall/core/fw.py
@@ -272,22 +272,6 @@ class Firewall:
raise FirewallError(errors.UNKNOWN_ERROR, "No IPv4 and IPv6 firewall.")
def _start_probe_backends(self):
- try:
- self.ipset_backend.set_list()
- except ValueError:
- if self.nftables_enabled:
- log.info1(
- "ipset not usable, disabling ipset usage in firewall. Other set backends (nftables) remain usable."
- )
- else:
- log.warning("ipset not usable, disabling ipset usage in firewall.")
- self.ipset_supported_types = []
- # ipset is not usable
- self.ipset_enabled = False
- else:
- # ipset is usable, get all supported types
- self.ipset_supported_types = self.ipset_backend.set_supported_types()
-
self.ip4tables_backend.fill_exists()
if not self.ip4tables_backend.restore_command_exists:
if self.ip4tables_backend.command_exists:
diff --git a/src/firewall/core/io/policy.py b/src/firewall/core/io/policy.py
index c890cc0c..92827271 100644
--- a/src/firewall/core/io/policy.py
+++ b/src/firewall/core/io/policy.py
@@ -496,6 +496,22 @@ def common_check_config(obj, config, item, all_config, all_io_objects):
obj_type, obj.name, obj_rich.element.name
),
)
+ elif obj_rich.source and obj_rich.source.ipset:
+ if obj_rich.source.ipset not in all_io_objects["ipsets"]:
+ raise FirewallError(
+ errors.INVALID_IPSET,
+ "{} '{}': '{}' not among existing ipsets".format(
+ obj_type, obj.name, obj_rich.source.ipset
+ ),
+ )
+ elif obj_rich.destination and obj_rich.destination.ipset:
+ if obj_rich.destination.ipset not in all_io_objects["ipsets"]:
+ raise FirewallError(
+ errors.INVALID_IPSET,
+ "{} '{}': '{}' not among existing ipsets".format(
+ obj_type, obj.name, obj_rich.destination.ipset
+ ),
+ )
def _handler_add_rich_limit(handler, limit):
diff --git a/src/firewall/core/ipset.py b/src/firewall/core/ipset.py
index 2944dc23..fcf34a64 100644
--- a/src/firewall/core/ipset.py
+++ b/src/firewall/core/ipset.py
@@ -77,27 +77,6 @@ class ipset:
errors.INVALID_NAME, "ipset name '%s' is not valid" % name
)
- def set_supported_types(self):
- """Return types that are supported by the ipset command and kernel"""
- ret = []
- output = ""
- try:
- output = self.__run(["--help"])
- except ValueError as ex:
- log.debug1("ipset error: %s" % ex)
- lines = output.splitlines()
-
- in_types = False
- for line in lines:
- # print(line)
- if in_types:
- splits = line.strip().split(None, 2)
- if splits[0] not in ret and splits[0] in IPSET_TYPES:
- ret.append(splits[0])
- if line.startswith("Supported set types:"):
- in_types = True
- return ret
-
def check_type(self, type_name):
"""Check ipset type"""
if len(type_name) > IPSET_MAXNAMELEN or type_name not in IPSET_TYPES:
diff --git a/src/firewall/server/config.py b/src/firewall/server/config.py
index eb31789b..24c9baed 100644
--- a/src/firewall/server/config.py
+++ b/src/firewall/server/config.py
@@ -627,6 +627,7 @@ class FirewallDConfig(DbusServiceObject):
else:
return dbus.String("no")
elif prop == "IPv6_rpfilter2":
+ value = self.config.get_firewalld_conf().get("IPv6_rpfilter")
if value is None:
value = config.FALLBACK_IPV6_RPFILTER
return dbus.String(value)
@@ -766,28 +767,32 @@ class FirewallDConfig(DbusServiceObject):
errors.INVALID_VALUE,
"'%s' for %s" % (new_value, property_name),
)
+ config_name = property_name
elif property_name == "LogDenied":
if new_value not in config.LOG_DENIED_VALUES:
raise FirewallError(
errors.INVALID_VALUE,
"'%s' for %s" % (new_value, property_name),
)
+ config_name = property_name
elif property_name == "FirewallBackend":
if new_value not in config.FIREWALL_BACKEND_VALUES:
raise FirewallError(
errors.INVALID_VALUE,
"'%s' for %s" % (new_value, property_name),
)
+ config_name = property_name
elif property_name == "IPv6_rpfilter2":
if new_value not in config.IPV6_RPFILTER_VALUES:
raise FirewallError(
errors.INVALID_VALUE,
"'%s' for %s" % (new_value, property_name),
)
+ config_name = "IPv6_rpfilter"
else:
raise errors.BugError(f'Unhandled property_name "{property_name}"')
- self.config.get_firewalld_conf().set(property_name, new_value)
+ self.config.get_firewalld_conf().set(config_name, new_value)
self.config.get_firewalld_conf().write()
self.PropertiesChanged(interface_name, {property_name: new_value}, [])
elif interface_name in [
diff --git a/src/tests/features/nftables_table_owner.at b/src/tests/features/nftables_table_owner.at
index abc946da..dd9c3dee 100644
--- a/src/tests/features/nftables_table_owner.at
+++ b/src/tests/features/nftables_table_owner.at
@@ -7,32 +7,21 @@ FWD_RELOAD()
AT_SKIP_IF([grep "Configuration has NftablesTableOwner=True, but it's not supported by nftables." ./firewalld.log])
-NS_CHECK([nft list table inet firewalld | TRIM_WHITESPACE | head -n 2], 0, [m4_strip([dnl
- table inet firewalld { # progname firewalld
- flags owner,persist
-])])
+dnl Make sure it's initially working
+dnl
+NS_CHECK([nft list table inet firewalld | TRIM_WHITESPACE | grep "flags owner,persist"], 0, [ignore])
dnl Test the transitions from On to Off
dnl
-
AT_CHECK([sed -i 's/^NftablesTableOwner=.*/NftablesTableOwner=no/' ./firewalld.conf])
FWD_RELOAD()
-
-NS_CHECK([nft list table inet firewalld | TRIM_WHITESPACE | head -n 2], 0, [m4_strip([dnl
- table inet firewalld {
- chain mangle_PREROUTING {
-])])
+NS_CHECK([nft list table inet firewalld | TRIM_WHITESPACE | grep "flags owner,persist"], 1)
dnl Test the transitions from Off to On
dnl
-
AT_CHECK([sed -i 's/^NftablesTableOwner=.*/NftablesTableOwner=yes/' ./firewalld.conf])
FWD_RELOAD()
-
-NS_CHECK([nft list table inet firewalld | TRIM_WHITESPACE | head -n 2], 0, [m4_strip([dnl
- table inet firewalld { # progname firewalld
- flags owner,persist
-])])
+NS_CHECK([nft list table inet firewalld | TRIM_WHITESPACE | grep "flags owner,persist"], 0, [ignore])
FWD_END_TEST()
])
diff --git a/src/tests/features/rpfilter.at b/src/tests/features/rpfilter.at
index 0ae6de3b..a0771ff4 100644
--- a/src/tests/features/rpfilter.at
+++ b/src/tests/features/rpfilter.at
@@ -123,17 +123,46 @@ NFT_LIST_RULES([inet], [filter_PREROUTING], 0, [dnl
FWD_END_TEST([-e "/^ERROR: INVALID_VALUE:/d"])
FWD_START_TEST([rpfilter - config values])
-AT_KEYWORDS(rpfilter)
+AT_KEYWORDS(rpfilter RHEL-72937)
CHECK_NFTABLES_FIB()
-dnl Verify other/deprecated configuration values are accepted.
+dnl Verify all configuration values are accepted.
dnl
-m4_foreach([VALUE], [[no], [yes], [false], [true]], [
+m4_foreach([VALUE], [[no], [yes], [false], [true], [strict], [loose]], [
AT_CHECK([sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=VALUE/' ./firewalld.conf])
FWD_RELOAD()
+ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [
+ DBUS_GET([config], [config], [string:"IPv6_rpfilter2"], 0, [dnl
+ variant string "VALUE"
+ ])
+ ])
])
+
dnl And a bogus one.
AT_CHECK([sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=bogus/' ./firewalld.conf])
FWD_RELOAD()
FWD_END_TEST([-e "/^WARNING: IPv6_rpfilter 'bogus' is not valid/d"])
+
+FWD_START_TEST([rpfilter - config values, -forward])
+AT_KEYWORDS(rpfilter RHEL-72937)
+CHECK_NFTABLES_FIB()
+CHECK_NFTABLES_FIB_IN_FORWARD()
+
+dnl These are not valid for iptables.
+dnl
+m4_foreach([VALUE], [[strict-forward], [loose-forward]], [
+ AT_CHECK([sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=VALUE/' ./firewalld.conf])
+ m4_if(iptables, FIREWALL_BACKEND, [
+ FWD_RELOAD(114, [ignore], [ignore])
+ ], [
+ FWD_RELOAD()
+ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [
+ DBUS_GET([config], [config], [string:"IPv6_rpfilter2"], 0, [dnl
+ variant string "VALUE"
+ ])
+ ])
+ ])
+])
+
+FWD_END_TEST([-e "/^ERROR: INVALID_VALUE:.*is incompatible with FirewallBackend=iptables."])
diff --git a/src/tests/package.m4 b/src/tests/package.m4
index f0795e34..75f77217 100644
--- a/src/tests/package.m4
+++ b/src/tests/package.m4
@@ -1,5 +1,5 @@
m4_define([AT_PACKAGE_NAME],[firewalld])
-m4_define([AT_PACKAGE_VERSION],[2.3.0])
-m4_define([AT_PACKAGE_STRING],[firewalld 2.3.0])
+m4_define([AT_PACKAGE_VERSION],[2.3.1])
+m4_define([AT_PACKAGE_STRING],[firewalld 2.3.1])
m4_define([AT_PACKAGE_URL],[http://firewalld.org/])
m4_define([AT_PACKAGE_BUGREPORT],[https://github.com/firewalld/firewalld])
diff --git a/src/tests/regression/RHEL-67103.at b/src/tests/regression/RHEL-67103.at
new file mode 100644
index 00000000..0cca7172
--- /dev/null
+++ b/src/tests/regression/RHEL-67103.at
@@ -0,0 +1,34 @@
+FWD_START_TEST([rich rule invalid ipset])
+AT_KEYWORDS(rich ipset RHEL-67103 RHEL-67331)
+
+dnl valid ipset
+FWD_CHECK([--permanent --new-ipset thisexists --type=hash:net], 0, [ignore])
+FWD_CHECK([--permanent --add-rich-rule="rule family=ipv4 source ipset=thisexists accept"], 0, [ignore])
+FWD_CHECK([--permanent --add-rich-rule="rule family=ipv4 destination ipset=thisexists accept"], 0, [ignore])
+FWD_RELOAD()
+
+dnl invalid ipset
+FWD_CHECK([ --add-rich-rule="rule family=ipv4 source ipset=doesnotexist accept"], 135, [ignore], [ignore])
+FWD_CHECK([--permanent --add-rich-rule="rule family=ipv4 source ipset=doesnotexist accept"], 135, [ignore], [ignore])
+FWD_CHECK([ --add-rich-rule="rule family=ipv4 destination ipset=doesnotexist accept"], 135, [ignore], [ignore])
+FWD_CHECK([--permanent --add-rich-rule="rule family=ipv4 destination ipset=doesnotexist accept"], 135, [ignore], [ignore])
+
+dnl verify checks for manually added XML
+AT_DATA([./zones/broken.xml], [m4_strip([dnl
+ <?xml version="1.0" encoding="utf-8"?>
+ <zone>
+ <short>broken</short>
+ <rule family="ipv4">
+ <source ipset="doesnotexist"/>
+ <accept/>
+ </rule>
+ <rule family="ipv4">
+ <destination ipset="doesnotexist"/>
+ <accept/>
+ </rule>
+ <forward/>
+ </zone>
+])])
+FWD_RELOAD(135, [ignore], [ignore])
+
+FWD_END_TEST([-e '/ERROR: INVALID_IPSET/d'])
diff --git a/src/tests/regression/ipset_scale.at b/src/tests/regression/ipset_scale.at
index 14bf4001..f544cc9c 100644
--- a/src/tests/regression/ipset_scale.at
+++ b/src/tests/regression/ipset_scale.at
@@ -1,5 +1,5 @@
FWD_START_TEST([ipset scale], 307200)
-AT_KEYWORDS(ipset gh738)
+AT_KEYWORDS(ipset gh738 scale)
dnl Create a huge ipset
diff --git a/src/tests/regression/regression.at b/src/tests/regression/regression.at
index 6b8f816b..bba49268 100644
--- a/src/tests/regression/regression.at
+++ b/src/tests/regression/regression.at
@@ -61,3 +61,4 @@ m4_include([regression/rhbz2222044.at])
m4_include([regression/gh1229.at])
m4_include([regression/gh1278.at])
m4_include([regression/gh1406.at])
+m4_include([regression/RHEL-67103.at])
diff --git a/src/tests/regression/rhbz1871298.at b/src/tests/regression/rhbz1871298.at
index 3a40e2a5..e9fcfe69 100644
--- a/src/tests/regression/rhbz1871298.at
+++ b/src/tests/regression/rhbz1871298.at
@@ -1,5 +1,5 @@
FWD_START_TEST([rich rule parsing bottleneck])
-AT_KEYWORDS(rich offline rhbz1871298)
+AT_KEYWORDS(rich offline rhbz1871298 scale)
AT_SKIP_IF([! NS_CMD([which timeout >/dev/null 2>&1])])
More information about the Pkg-utopia-maintainers
mailing list